cobaltstrike | 2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4

General

Target

2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4
Size

205KB
Sample

240520-xztfsaeb21
MD5

8b994526c2d3405eea11bb7f2bdea1d1
SHA1

5109a133db7f8a6e4761e08b930eb70abecf603e
SHA256

2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4
SHA512

8b04dd06ef889fb6d4cdeaf7419db4510b8592d28073b1fbdbd6082809701f208fe82b3e2ff32bf60a38f58deac9195f4ac475c3908879d307858a2f0dc5c96f
SSDEEP

3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUakD5bf:0/MEfuN0t8C5oFsoeRM3o0jG9

Score

10^/10

cobaltstrike 426352781

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://188.166.233.139:80/bootstrap5.js

Attributes

access_type
512
host
188.166.233.139,/bootstrap5.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAZfX3VpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
15000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHdP2EYbj7UanIlNWTkx40CLAgektM/ZETYrCBBQaNBaLvDIKeT+CCQyUAiV3NNDc84VwA44ZRx44tQFoOIAzBfHUc1YOd6mAIGHVJLP1zIUPXYsAuzWf36ip0yuziOgRwByr1L56glsdjbMomlz5TEHFkl4AgqR+6Hx/gJcoRVwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/analytics.js
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
watermark
426352781

Targets

- Target
  
  2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4
- Size
  
  205KB
- MD5
  
  8b994526c2d3405eea11bb7f2bdea1d1
- SHA1
  
  5109a133db7f8a6e4761e08b930eb70abecf603e
- SHA256
  
  2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4
- SHA512
  
  8b04dd06ef889fb6d4cdeaf7419db4510b8592d28073b1fbdbd6082809701f208fe82b3e2ff32bf60a38f58deac9195f4ac475c3908879d307858a2f0dc5c96f
- SSDEEP
  
  3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUakD5bf:0/MEfuN0t8C5oFsoeRM3o0jG9
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2