cobaltstrike | 9967520030504ee3161c9c6092b053807f4f931af3c0617f49db9b3f534fe5fe

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-30_238ee298bbc32f29b5682725d93194fa_cobalt-strike_cobaltstrike
Size

312KB
Sample

240530-eeg8xadd9w
MD5

238ee298bbc32f29b5682725d93194fa
SHA1

c72897cd6b9df4b9bcdde6d818381430fb77eb3e
SHA256

9967520030504ee3161c9c6092b053807f4f931af3c0617f49db9b3f534fe5fe
SHA512

574c900592042df3128ea925238796b2e28aa03cf03a02520c8026395c0528d15af74f83c72ed796c6757b2a75566aa8a9083f84bbc573652ae929c074217f78
SSDEEP

3072:8c0nsHpyvGj346lbkBNegppj8aJGIhxjT3A8ygbLAZmitdG3bZ94YJNb/S1Pnm8C:8c0bPz9pt8ahTw8PHA8itQz4n+uE

Score

10^/10

cobaltstrike 426352781

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

http://119.188.123.171:443/info

http://101.70.154.25:443/info

http://120.226.149.166:443/info

http://221.204.20.34:443/info

http://112.16.242.47:443/info

Attributes

access_type
512
beacon_type
2048
host
119.188.123.171,/info,101.70.154.25,/info,120.226.149.166,/info,221.204.20.34,/info,112.16.242.47,/info
http_header1
AAAAEAAAABZIb3N0OiBkZXB5LnAzcmg0cHMudG9wAAAACgAAABZDb25uZWN0aW9uOiBLZWVsLUFsaXZlAAAABwAAAAAAAAALAAAAAgAAABQmdz1YJno9QSZjPVombT1OJm49QwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogY24tY24AAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAQAAAAFkhvc3Q6IGRlcHkucDNyaDRwcy50b3AAAAAKAAAAFkNvbm5lY3Rpb246IEtlZWwtQWxpdmUAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAABQmdz1YJno9QSZjPVombT1OJm49QwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
1
port_number
443
sc_process32
%windir%\syswow64\ucsvc.exe
sc_process64
%windir%\sysnative\ucsvc.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqW6Nfra+6XGGPYD0AP8xr2NyBaeVJo8YLe1WLcpayWAqfMVV+QRtrgEdXApPMEY1ilSApVV5QSZGEE7Kg4dm2wjo+cUxs/i2n3uv1KcX4IPCES0fiNGOiCmoSgge7Bwzt+H1X4xykMlbKGaVE0LIkPUf8Ii59U12/V4SozEukGQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/hdo/fsh
user_agent
Mozilla / 5.0(Windows NT 10.0;Win64;x64) AppleWebKit / 537.36(KHTML, likeGecko) Chrome / 97.0.4692.71Safari / 537.36Edg / 97.0.1072.55
watermark
426352781

Targets

Tasks

static1

426352781cobaltstrike

Score

10^/10