General

  • Target

    beacon.exe

  • Size

    278KB

  • Sample

    240710-st7c8svglj

  • MD5

    e567a74fdf409b182b308c33c0a1beb5

  • SHA1

    50b23518b015164e0456dfe0d700c4836ba62f69

  • SHA256

    5e38ffc9ba6827e2a81421f5f92cb8fd954d038be6338657a711a6fcb26fd591

  • SHA512

    3500dadb757a286f8b10bd66e9cdb6f4b766aa38766b46ec07c42ac952452cdce9022c964569adb3964df0832bdbbdea01f2ee9c4662e6c8e7beebd4bf587042

  • SSDEEP

    6144:pRpRzW4pom6loWCxcdxyGiHazSmUSo+KT:pTI4qmeFxypHaOdT

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://118.195.149.144:34443/ptj

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    118.195.149.144,/ptj

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi11cwAAAAoAAAAbQWNjZXB0LUVuY29kaW5nOiB0ZXh0L3BsYWluAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsdHJ5dHJ5ZAAAAAcAAAAAAAAAAwAAAAIAAAAiU0VTU0lPTklEPXdxZTQ1NHdxZTJkczE1ZHM0ZHNhNWRzNAAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi11cwAAAAoAAAAbQWNjZXB0LUVuY29kaW5nOiB0ZXh0L3BsYWluAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsdHJ5dHJ5ZAAAAAcAAAAAAAAAAwAAAAIAAAAjSlNFU1NJT049ZHNmNXNkNGY1ZTQ1ZmU0czY1ZDRmODU2ZTQAAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    3000

  • port_number

    34443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCL6TwBssquJ2T1RLKdozZUMdHUG8hYXPCrhDbynLqRy2a/ImO99g2pkMP1jX8v3ehv24p4gYn3DEdXSXNWgGrdea//ECVk38mo2T/y37krzCwLrqM/inCCOY9srYXqIjAqgLBuHLu5EayT5I5I2gAyefQJY+xhAPu+qaHMbrX0VQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

  • watermark

    100000000

Targets

    • Target

      beacon.exe

    • Size

      278KB

    • MD5

      e567a74fdf409b182b308c33c0a1beb5

    • SHA1

      50b23518b015164e0456dfe0d700c4836ba62f69

    • SHA256

      5e38ffc9ba6827e2a81421f5f92cb8fd954d038be6338657a711a6fcb26fd591

    • SHA512

      3500dadb757a286f8b10bd66e9cdb6f4b766aa38766b46ec07c42ac952452cdce9022c964569adb3964df0832bdbbdea01f2ee9c4662e6c8e7beebd4bf587042

    • SSDEEP

      6144:pRpRzW4pom6loWCxcdxyGiHazSmUSo+KT:pTI4qmeFxypHaOdT

MITRE ATT&CK Matrix

Tasks