cobaltstrike | c0ebb83d5679b45851f1b57e5608d6f75dc37a9519347ff73143f22e1883c2aa

General

Target

cdde5ef9f381ab7f98ba04ca6c344b218eb32a7aa8f1dbc16e5603959cbc9ca2.zip
Size

128KB
Sample

240716-m9qgrsscrg
MD5

a67de2509931c4f8c4b6bc5c14a1144b
SHA1

b3bbe7337df983191f46d597ab4fce4ba87f2e01
SHA256

c0ebb83d5679b45851f1b57e5608d6f75dc37a9519347ff73143f22e1883c2aa
SHA512

b602a39e66c193cd5596772f774352c5b7584726234e264569db58a482af1aa6be0897cabd529c2f427df416e2f0ac11a53b501a2edc820032bf9da827cb8f5e
SSDEEP

3072:DImo7HE5+4x8cvw8Qaa+Ml/QUlUnE2JdZZpSiWtxg15G5b7nj4:cWI4x48Q1lZ2EYDZpSZg15U7j4

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.168.126.129:80/g.pixel

Attributes

access_type
512
host
192.168.126.129,/g.pixel
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3MvVagIHcDKaYR1It1n8t+QWweadOg6wXq+Eh1Jk7k9ZyHcpHp1E3lD8BoUh7nX4lgpZPpnF6B7ipsUvnjJbj5gPjazIx8gh21v8izetDeDZ/j1oLlZlE0TQ4d4Gu4DokEYsX13SdpYJaTCwxiEl70TMn1lTzOP4VWtzgbOZcDQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
watermark
100000

Targets

- Target
  
  cdde5ef9f381ab7f98ba04ca6c344b218eb32a7aa8f1dbc16e5603959cbc9ca2
- Size
  
  260KB
- MD5
  
  79020f8521a10f21e182b82c3d9de998
- SHA1
  
  996d585da81cb99ffa85b10a485c5d6e749e9f4b
- SHA256
  
  cdde5ef9f381ab7f98ba04ca6c344b218eb32a7aa8f1dbc16e5603959cbc9ca2
- SHA512
  
  fbf0353de5a2ed9200b1d41d208c622a19834e7e00b92199d11cc6f727066cee6059a772ff5817d40606c651f01892edd09bf98b80df166258a112b4aa8343c6
- SSDEEP
  
  6144:uJqVG5d1IpMyibgkTZI6jHID90aEBXKH/:u3d6tevox0BX8
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2