General

  • Target

    718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707.zip

  • Size

    127KB

  • Sample

    240714-hvz1fatbkb

  • MD5

    33bc40a835d882c7166d31c4d94f861b

  • SHA1

    bb98b31e03e426cb198ae7ab4fb20758b1d4d707

  • SHA256

    dbaea3e558db4ca7edd673a15002da8854434f867dddd9367c3d9f663a457ca3

  • SHA512

    56f903e9ee00b63eacf792b6a90d639a86daef4ecf50f598cb3fef9eeb20b600ef5c7899decc1e2ef59e87619ebca59ece3ae9c9168696cf1d4c94016aceefd9

  • SSDEEP

    3072:cq93JL9UrIZG90zRa/78ZtUVp6jwrWHvsy1hHsQ5XaS:cqtJLTZ+0IYrUCjwrvahH1XV

Score
10/10

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    100000000

  • C2

    http://192.168.2.17:80/IE9CompatViewList.xml

Attributes

  • access_type

    512

  • host

    192.168.2.17,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLLqQLMuOjGNWQxhv2DvKFx7+E+n9hE42OfHUS8gVCF0fSWmcLSzYD6QlaLWCyqvzTaeWFs6VzfOuli7ejJR3/UNpe4nO5D7oq0ypxIcAnZ0vOjJ5bqRzpYjMxftX+/7DXmsRK3EsViHhG48Gh/DDZ0oC8Sld6CZyXzTIjI1i3iwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

  • watermark

    100000000

Targets

    • Target

      718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707

    • Size

      260KB

    • MD5

      bbd2e0b0f6acb382511e2da9bf16d1ea

    • SHA1

      6dbeac6b0b6c4eb384e4b27acd23671031f7d858

    • SHA256

      718e09a79b037e4d54e9a68902bd61160ee682b15365df2c28a94aaa7f0cf707

    • SHA512

      0c8ea31d361e3d9d24bc46601e270aae5ffff6b2672f1dea0e56c0b9d6b7e6bd7978e9d403589e2e14b71bc96d64dace12b16327dc2bb1d6589e162d14967624

    • SSDEEP

      3072:ksYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTRY9BQYJerCo8:ksYwjwIGIprBJweGTIDjhOTReQ8H

    Score
    1/10
