General

  • Target

    0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace

  • Size

    259KB

  • Sample

    240609-mlfbwshd6v

  • MD5

    23bf409c5d1f3d60ab03eb62a2f9f330

  • SHA1

    3cc7a21c8f2ee8e185015c42ffa60291cdce4e3d

  • SHA256

    0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace

  • SHA512

    7e46c4506969b070b7a72116ddef4a588910a4fb54a3c614631536b30da3ef332c65743b8e07e927e18a0ffc66d7cc3dd122203109699dd9cca871c3016e798c

  • SSDEEP

    6144:uJqVG5d1IpMyibgkTZI6jHID90a+BXVH/:u3d6tevoxuBX5

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://microsoftsoftwave.com:8443/ca

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    microsoftsoftwave.com,/ca

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTsCJfEOJJUvdtQ0u8mvgln9jpPx2ugKWgd/xoT4+YvrUGP7Sg9H2c+2Q6BgYjvvM/5UGxFaPe5sMaXHH9MYKEjLDxoxnmVEF9c6XX9GmlHwClD9uXT5mcfOMF1QyEqJ8c1n5ja/MNJKA3i5yrsUJkzlpIcNsuwU33CNZasQ5k1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)

  • watermark

    100000
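The four base64 attributes above are raw config blobs rather than readable settings: http_header1 and http_header2 are Beacon's Malleable C2 transform programs for the GET and POST requests (a sequence of big-endian 32-bit opcodes, string operands length-prefixed, terminated by a zero word), unknown2 is a one-step program of the same format, and the value labelled state_machine decodes as a DER SubjectPublicKeyInfo. The Python below is an added example written for this page, not tria.ge or Cobalt Strike code: it decodes the three programs back into profile syntax and reads the key size and exponent out of the DER. The opcode table is the one used by the public Beacon config parsers (1768.py, SentinelOne's CobaltStrikeParser); the constants are the page's values with their trailing zero padding trimmed, which does not change the result because each program stops at its first END opcode and the key is bounded by its own DER length.

```python
import base64
import struct

# Values copied from the Attributes list above, trailing zero padding trimmed.
HTTP_HEADER1 = "AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAA"
HTTP_HEADER2 = ("AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAA"
                "AAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAA")
UNKNOWN2 = "AAAABAAAAAAA"
STATE_MACHINE = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTsCJfEOJJUvdtQ0u8mvgln9jp"
                 "Px2ugKWgd/xoT4+YvrUGP7Sg9H2c+2Q6BgYjvvM/5UGxFaPe5sMaXHH9MYKEjLDx"
                 "oxnmVEF9c6XX9GmlHwClD9uXT5mcfOMF1QyEqJ8c1n5ja/MNJKA3i5yrsUJkzlpI"
                 "cNsuwU33CNZasQ5k1QIDAQAB")

# Transform opcodes per the public Beacon config parsers; 9/10/16 are the constant
# forms that sit at the client level of a profile, not inside a build block.
OPCODES = {
    1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter",
    6: "header", 7: "build", 8: "netbios", 9: "parameter", 10: "header",
    11: "netbiosu", 12: "uri-append", 13: "base64url", 14: "strrep",
    15: "mask", 16: "host-header",
}
STRING_ARGS = {1: 1, 2: 1, 5: 1, 6: 1, 9: 1, 10: 1, 14: 2, 16: 1}  # string operands
CONST_OPS = {9, 10, 16}
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def decode_transform(b64):
    """Return the program as [(opcode, args), ...], stopping at the END opcode (0)."""
    data = base64.b64decode(b64)
    pos, steps = 0, []

    def u32():  # every integer is big-endian 32-bit
        nonlocal pos
        pos += 4
        return struct.unpack_from(">I", data, pos - 4)[0]

    def cstr():  # string operand: u32 length followed by the bytes
        nonlocal pos
        n = u32()
        pos += n
        return data[pos - n:pos].decode("latin-1")

    while pos + 4 <= len(data):
        op = u32()
        if op == 0:
            break
        if op not in OPCODES:
            raise ValueError(f"unknown transform opcode {op} at offset {pos - 4}")
        if op == 7:  # build <which>: 0 = metadata (id in http-post), 1 = output
            steps.append((op, (u32(),)))
        else:
            steps.append((op, tuple(cstr() for _ in range(STRING_ARGS.get(op, 0)))))
    return steps


def render_client(steps, build_names):
    """Regroup a decoded program into Malleable C2 client { } syntax; build_names
    maps the build operand to the block it fills, e.g. {0: "metadata"}."""
    consts, blocks, current = [], [], None
    for op, args in steps:
        line = OPCODES[op] + "".join(f' "{a}"' for a in args) + ";"
        if op in CONST_OPS:
            consts.append("    " + line)
        elif op == 7:
            current = []
            blocks.append((build_names[args[0]], current))
        elif current is None:
            raise ValueError(f"'{line}' appears before any build step")
        else:
            current.append("        " + line)
    out = ["client {"] + consts
    for name, lines in blocks:
        out += [f"    {name} {{"] + lines + ["    }"]
    return "\n".join(out + ["}"])


def _der_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the byte count of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def parse_rsa_spki(b64):
    """Read modulus size and exponent out of a DER SubjectPublicKeyInfo (RSA only)."""
    der = base64.b64decode(b64)
    tag, spki, spki_end = _der_tlv(der, 0)      # SubjectPublicKeyInfo SEQUENCE
    _, alg, alg_end = _der_tlv(der, spki)       # AlgorithmIdentifier SEQUENCE
    _, oid, oid_end = _der_tlv(der, alg)        # algorithm OBJECT IDENTIFIER
    if tag != 0x30 or der[oid:oid_end] != RSA_OID:
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    _, bits, _ = _der_tlv(der, alg_end)         # BIT STRING wrapping RSAPublicKey
    _, seq, _ = _der_tlv(der, bits + 1)         # +1 skips the unused-bits byte
    _, n_start, n_end = _der_tlv(der, seq)      # INTEGER modulus
    _, e_start, e_end = _der_tlv(der, n_end)    # INTEGER publicExponent
    modulus = int.from_bytes(der[n_start:n_end], "big")
    exponent = int.from_bytes(der[e_start:e_end], "big")
    return {"modulus_bits": modulus.bit_length(), "exponent": exponent, "der_length": spki_end}


if __name__ == "__main__":
    print(render_client(decode_transform(HTTP_HEADER1), {0: "metadata"}))
    print(render_client(decode_transform(HTTP_HEADER2), {0: "id", 1: "output"}))
    print("unknown2:", [OPCODES[op] for op, _ in decode_transform(UNKNOWN2)])
    print("state_machine:", parse_rsa_spki(STATE_MACHINE))
```

Decoding gives the stock Cobalt Strike profile: the GET to /ca carries base64-encoded session metadata in a Cookie header, and the POST to /submit.php sends the session id as the id query parameter with the output written raw into the body under Content-Type: application/octet-stream. unknown2 is a single print step. The state_machine blob is a 1024-bit RSA public key with exponent 65537 whose DER occupies 162 bytes, the rest of the field being zero padding; this is the key Beacon uses to encrypt its metadata to the team server, so a matching key across samples ties them to the same team server even when the C2 hostname differs.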

Targets

    • Target

      0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace

    • Size

      259KB

    • MD5

      23bf409c5d1f3d60ab03eb62a2f9f330

    • SHA1

      3cc7a21c8f2ee8e185015c42ffa60291cdce4e3d

    • SHA256

      0caa6686eb6602c1d96743ff8ef6212944d88f8c6823fe1da30721ed4b181ace

    • SHA512

      7e46c4506969b070b7a72116ddef4a588910a4fb54a3c614631536b30da3ef332c65743b8e07e927e18a0ffc66d7cc3dd122203109699dd9cca871c3016e798c

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90a+BXVH/:u3d6tevoxuBX5

    Score
    1/10

MITRE ATT&CK Matrix

Tasks