General

  • Target

    e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275

  • Size

    289KB

  • Sample

    240625-fd79davbkr

  • MD5

    dbc1b35b7dd116f6969c44bcf689c0be

  • SHA1

    84ddcc1b4e945422d01000ae06a7f94d65276b24

  • SHA256

    e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275

  • SHA512

    2e2eb5fabf534ba60c85d19d12ddafa8c9dd26180be6803f95481f0dd5b0e223ad56cdeda6f6fd6456b34819acb6be37448e559566dbef0045427d8f071ad67a

  • SSDEEP

    6144:+qoWMMtCfAKntCLh7ii0H6/McUTLdH10ze1SEL8CpAy:+q3MMKAKnwLhoHF31T1a

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://192.168.13.160:80/en_US/all.js

Attributes
  • access_type

    512

  • host

    192.168.13.160,/en_US/all.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpxzBVtPPIsLjB/qH1AQrz0V3w6SLYoTPUAFiPphq2hUfJFYFreGIfC3vN8wEBgcsIGF0R1SgzWPSsufDXLETcqaiXIts8/CD7NYOnMVYKOqV/dOpbjuaf2Dqbzo+V8g5d6IVllRoMOACZcwsBngeyLI/pto7Ch2rUdEWzLER43QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)

  • watermark

    391144938

Targets

    • Target

      e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275

    • Size

      289KB

    • MD5

      dbc1b35b7dd116f6969c44bcf689c0be

    • SHA1

      84ddcc1b4e945422d01000ae06a7f94d65276b24

    • SHA256

      e0ac543984dbecb3ed326d6798ff21b3cf03d3d36c32f1b72314aed526845275

    • SHA512

      2e2eb5fabf534ba60c85d19d12ddafa8c9dd26180be6803f95481f0dd5b0e223ad56cdeda6f6fd6456b34819acb6be37448e559566dbef0045427d8f071ad67a

    • SSDEEP

      6144:+qoWMMtCfAKntCLh7ii0H6/McUTLdH10ze1SEL8CpAy:+q3MMKAKnwLhoHF31T1a

MITRE ATT&CK Matrix

Tasks