General

  • Target

    YPbR

  • Size

    254KB

  • MD5

    5495e69e9aba080b9bdf3fad6b930f8d

  • SHA1

    29113b521d852780cf50b290607a94daff6da9ed

  • SHA256

    3792a39e3f6437dcfa32799796b1791f3b443190d10d0697fe1166604dc9bbfd

  • SHA512

    6dbf273c991e7b54915b8d11c991fe31a6a87527c583342c2913d4f484fda930053067d93800c8f56887ddf0980333b535002da4270d560eaeaebb4314bdf5f4

  • SSDEEP

    6144:p4tsVZbzyeWvcb0D8OcyH5r7qQimxDRRHd0ZF/4S6Gzu:CynzyeWkbDfW5uQJv9N

Score

10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://217.12.218.46:80/preload

Attributes

  • access_type

    512

  • dns_idle

    7.86042073e+08

  • host

    217.12.218.46,/preload

  • http_header1

    AAAACQAAAAxtYW5pZmVzdD13YWMAAAAQAAAAF0hvc3Q6IG9uZWRyaXZlLmxpdmUuY29tAAAACgAAACZBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94bWw7Ki8qOwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAARFPVA6AAAAAQAAAAk9OlBGek05Y2oAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAAEAAAABdIb3N0OiBvbmVkcml2ZS5saXZlLmNvbQAAAAoAAAAmQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veG1sOyovKjsAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAABAAAADQAAAAIAAAAERT1QOgAAAAEAAAAJPTpQRnpNOWNqAAAABgAAAAZDb29raWUAAAAHAAAAAAAAAA0AAAACAAAAG2h0dHBzOi8vcC5zZngubXMvc2EuaHRtbD9zPQAAAAYAAAAHUmVmZXJlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    GET

  • jitter

    5120

  • maxdns

    235

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCT42RZXDkOt4TBaANg7RggQbQZgKIt9JoHuhWGb5HcZdWd3ZmoqFQuFJ53NsjMvGrDkwxGokAV2GaGhCCb1GHK1NigI6uBcokE6seiXhny94nDmEEu4EEdYyFgLrsswJ04NA8tnIQD11iUz7XxzwocHN1161Yj66YCBK61DUomQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    2.701664256e+09

  • unknown2

    AAAABAAAAAEAAAJ8AAAAAgAABiUAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    1.610612736e+09

  • uri

    /sa

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    305419896

Signatures

Files

  • YPbR