General

  • Target

    2024-05-24_0a81050f2c9942038b27236bd1b8becf_cobalt-strike_cobaltstrike

  • Size

    349KB

  • MD5

    0a81050f2c9942038b27236bd1b8becf

  • SHA1

    28add56e2ec688ef76f9508bce01d09bca5a6bbe

  • SHA256

    0f03b9c1b7b35f22c6f0fe2a6418e58306fdfc16214756dc052db2d3a2f1b1df

  • SHA512

    7073ff1c18ddf4c9b535c71c1f16d6c5751de11c09e1d43df839207fe0f7d1695fbdb5d4df7f165e670033dbfcc80dee537c62b3fa772b4e31b0c76b0e3ef1f7

  • SSDEEP

    6144:6FQTuDshCaqGc0bPzIpt8ahTw8PHA8itQgRQvOuE:6FUj18L8aS2E/RQv

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

520

C2

http://183.136.216.35:443/auth/data

http://14.29.98.35:443/auth/data

http://121.32.228.35:443/auth/data

http://119.96.52.35:443/auth/data

http://111.177.3.35:443/auth/data

http://114.80.30.35:443/auth/data

http://119.100.50.35:443/auth/data

http://183.56.138.35:443/auth/data

http://113.113.73.35:443/auth/data

http://220.194.65.35:443/auth/data

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    183.136.216.35,/auth/data,14.29.98.35,/auth/data,121.32.228.35,/auth/data,119.96.52.35,/auth/data,111.177.3.35,/auth/data,114.80.30.35,/auth/data,119.100.50.35,/auth/data,183.56.138.35,/auth/data,113.113.73.35,/auth/data,220.194.65.35,/auth/data

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    10000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPA6CRY/EJOhNXBEiMFIPmA262UwP+bK4hNeLwuLfxfhP14bUalQ6LZlrsy8yG/+Sg8864x7PyCcB2sqgELFQ2E3DfEyeclXj26sBNdCEjpFOuZzu3o0gFJ46a8kW32NoYE4xq8ooPSZo1EHmMqAnV8i7WvljqjqeYIp5HgyPFkQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /auth-server/token

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/539.35 (KHTML, like Gecko) Chrome/75.0.379.172 Safari/539.35

  • watermark

    520
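The http_header1 and http_header2 values above are the beacon's Malleable C2 "http-get" and "http-post" client transform blocks, stored as a list of big-endian 32-bit opcodes with optional arguments. The following parser is an added example, not part of the report or of any vendor tool; the opcode table follows the numbering used by public beacon-config parsers such as 1768.py and CobaltStrikeParser, and only the non-padding prefix of each blob is embedded. It decodes both blobs and re-emits them in profile syntax, which is what an analyst usually wants when deciding what the request on the wire looks like.

```python
import base64
import struct

# Transform opcodes of a Cobalt Strike Malleable C2 client block, as decoded by
# the public beacon-config parsers (1768.py, CobaltStrikeParser). A block is a
# sequence of big-endian uint32 opcodes; some carry a uint32 argument or one or
# two length-prefixed strings, and opcode 0 terminates the list.
OPCODES = {
    1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter",
    6: "header", 7: "build", 8: "netbios", 9: "const_parameter",
    10: "const_header", 11: "netbiosu", 12: "uri_append", 13: "base64url",
    14: "strrep", 15: "mask", 16: "const_host_header",
}
ONE_STRING = {1, 2, 5, 6, 9, 10, 16}
TWO_STRINGS = {14}
ONE_INT = {7}
# Steps that finish a metadata/id/output block by storing the transformed data.
TERMINAL = {"header", "parameter", "print", "uri_append"}

# Leading part of the http_header1 / http_header2 values from the report above.
# The rest of each blob is zero padding and is omitted here.
HTTP_HEADER1 = ("AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYA"
                "AAAGQ29va2llAAAAAAAAAAAA")
HTTP_HEADER2 = ("AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAA"
                "AAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAA")


class _Reader:
    """Cursor over the decoded blob (big-endian integers, length-prefixed strings)."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def u32(self) -> int:
        (value,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return value

    def string(self) -> str:
        length = self.u32()
        value = self.data[self.pos:self.pos + length].decode("latin-1")
        self.pos += length
        return value


def parse_transform(blob_b64: str) -> list:
    """Decode a transform blob into a list of (step_name, *args) tuples."""
    reader = _Reader(base64.b64decode(blob_b64))
    steps = []
    while reader.pos + 4 <= len(reader.data):
        opcode = reader.u32()
        if opcode == 0:
            break
        name = OPCODES.get(opcode, f"unknown_{opcode}")
        if opcode in ONE_STRING:
            steps.append((name, reader.string()))
        elif opcode in TWO_STRINGS:
            steps.append((name, reader.string(), reader.string()))
        elif opcode in ONE_INT:
            steps.append((name, reader.u32()))
        else:
            steps.append((name,))
    return steps


def render_profile(steps: list, block: str) -> str:
    """Re-emit parsed steps in Malleable C2 profile syntax (block is "get" or "post")."""
    lines = [f"http-{block} {{", "    client {"]
    for name, *args in steps:
        if name == "const_header":
            lines.append(f'        header "{args[0]}";')
        elif name == "build":
            # build 0 is the beacon metadata in http-get and the session id in
            # http-post; build 1 is task output in http-post.
            if block == "get":
                section = "metadata"
            else:
                section = "id" if args[0] == 0 else "output"
            lines.append(f"        {section} {{")
        else:
            rendered = "".join(f' "{arg}"' for arg in args)
            lines.append(f"            {name}{rendered};")
            if name in TERMINAL:
                lines.append("        }")
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    for blob, block in ((HTTP_HEADER1, "get"), (HTTP_HEADER2, "post")):
        print(render_profile(parse_transform(blob), block))
        print()
```

Run as a script it prints the two client blocks: the GET sends a constant "Accept: */*" header and the base64 metadata prepended with "SESSIONID=" in the Cookie header; the POST sends the session id as "JSESSION=..." in the Cookie header and the task output base64-encoded in the request body ("print"). That is the stock Cobalt Strike profile with only the cookie names changed.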

Signatures

  • Cobaltstrike family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
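The config above gives enough to match this beacon's traffic without relying on the IP list alone: the http-get URI /auth/data, the http-post URI /auth-server/token, the exact User-Agent (whose AppleWebKit/539.35 token is not a real WebKit build; genuine Chrome UAs carry 537.36), and the cookie shapes from the transform blocks. The value the report labels state_machine is a DER-encoded 1024-bit RSA public key (the MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ prefix is the standard SubjectPublicKeyInfo header for such a key), so the encrypted metadata the beacon puts in the GET cookie is exactly one 128-byte RSA block once base64-decoded. The matcher below is an added example, not code from the report or from any detection product; the sample requests are constructed, and the cookie payload is a stand-in for the real ciphertext.

```python
import base64
import binascii

# Indicators copied from the extracted config above.
C2_HOSTS = {
    "183.136.216.35", "14.29.98.35", "121.32.228.35", "119.96.52.35",
    "111.177.3.35", "114.80.30.35", "119.100.50.35", "183.56.138.35",
    "113.113.73.35", "220.194.65.35",
}
GET_URI = "/auth/data"              # http-get URI (the C2 list above)
POST_URI = "/auth-server/token"     # http-post URI (the "uri" attribute above)
USER_AGENT = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/539.35 "
              "(KHTML, like Gecko) Chrome/75.0.379.172 Safari/539.35")
METADATA_COOKIE = "SESSIONID="      # http-get: metadata -> base64 -> prepend -> Cookie
SESSION_COOKIE = "JSESSION="        # http-post: session id -> base64 -> prepend -> Cookie
# The config's public key is a 1024-bit RSA key, so the encrypted metadata the
# beacon sends in the GET cookie is exactly one 128-byte RSA block.
RSA_BLOCK_BYTES = 128


def _cookie_value(cookie_header: str, prefix: str):
    """Return the base64-decoded bytes behind `prefix` in a Cookie header, or None."""
    for part in cookie_header.split(";"):
        part = part.strip()
        if part.startswith(prefix):
            try:
                return base64.b64decode(part[len(prefix):], validate=True)
            except (binascii.Error, ValueError):
                return None
    return None


def score_request(req: dict) -> list:
    """Return the beacon indicators an HTTP request matches.

    req has keys method, host, path and headers (header names lower-case).
    """
    headers = req.get("headers", {})
    method = req.get("method", "")
    hits = []
    if req.get("host") in C2_HOSTS:
        hits.append("destination is a configured C2 host")
    if method == "GET" and req.get("path") == GET_URI:
        hits.append("GET to the configured http-get URI")
    if method == "POST" and req.get("path") == POST_URI:
        hits.append("POST to the configured http-post URI")
    ua = headers.get("user-agent", "")
    if ua == USER_AGENT:
        hits.append("exact configured User-Agent")
    elif "AppleWebKit/539.35" in ua:
        # Genuine Chrome UAs carry AppleWebKit/537.36; 539.35 is not a real build.
        hits.append("User-Agent carries the bogus WebKit build 539.35")
    cookie = headers.get("cookie", "")
    if method == "GET":
        blob = _cookie_value(cookie, METADATA_COOKIE)
        if blob is not None and len(blob) == RSA_BLOCK_BYTES:
            hits.append("SESSIONID cookie is one 128-byte RSA block (beacon metadata)")
    elif method == "POST" and _cookie_value(cookie, SESSION_COOKIE) is not None:
        hits.append("JSESSION cookie in the http-post id shape")
    return hits


# Constructed sample requests (not captured traffic). FAKE_METADATA stands in
# for the RSA-encrypted metadata: any 128 bytes, base64-encoded.
FAKE_METADATA = base64.b64encode(bytes(range(128))).decode()
BEACON_GET = {
    "method": "GET", "host": "183.136.216.35", "path": GET_URI,
    "headers": {"accept": "*/*", "user-agent": USER_AGENT,
                "cookie": METADATA_COOKIE + FAKE_METADATA},
}
BEACON_POST = {
    "method": "POST", "host": "14.29.98.35", "path": POST_URI,
    "headers": {"user-agent": USER_AGENT,
                "cookie": SESSION_COOKIE + base64.b64encode(b"1234").decode()},
}
BENIGN_GET = {
    "method": "GET", "host": "www.example.com", "path": "/index.html",
    "headers": {"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                              "AppleWebKit/537.36 (KHTML, like Gecko) "
                              "Chrome/124.0.0.0 Safari/537.36",
                "cookie": "SESSIONID=abc123"},
}

if __name__ == "__main__":
    for label, req in (("beacon GET", BEACON_GET), ("beacon POST", BEACON_POST),
                       ("benign GET", BENIGN_GET)):
        print(label, score_request(req))
```

The 128-byte cookie check is the most durable of these: the operator can rotate hosts, URIs and the User-Agent in a new profile, but as long as the beacon uses this 1024-bit key its metadata cookie decodes to exactly 128 bytes. The User-Agent string and the host list are the quickest to match but also the quickest to change.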

Files

  • 2024-05-24_0a81050f2c9942038b27236bd1b8becf_cobalt-strike_cobaltstrike
    .exe windows:6 windows x64 arch:x64

    68609301992b574c0af931837b7ce001


