General

  • Target

    e286f4b4acb5576ce65f2058e90b3847da32cc656fe65323477e6f244b8e3947.zip

  • Size

    128KB

  • Sample

    240720-dtsshsxekh

  • MD5

    4617f75cfe8b64eeaf50bca60f2a63fd

  • SHA1

    b9dab1f74300ae9f993db9fcfa4d6acebf29de24

  • SHA256

    4a829ee660f15886341510e0138c6f3d11d8171fdb6cc7bd1a6a155f11f40bf3

  • SHA512

    78e858d188a5c99726b5e13c340e2a59ab3a6eed9773ee0a15b74c7f42b016d99f0ee7e14aefb43587a0e3c5222376e6f12a7a9161ebfe0800c0f21b592dcec5

  • SSDEEP

    3072:olJqHf2G3HhqnEt1ZRkS16FgjHJGFCmhrbwoYOsPSm:4dnE7k4jHULtUoY7B

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.168.146.129:80/g.pixel

Attributes
  • access_type

    512

  • host

    192.168.146.129,/g.pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJELjItlXGdQwdtYfGyVnnpV7GbdZeO8UQI3KkEbTjarcoPyZ2qR24+1ZGiXigpdZl5MJwK7O+ym9nuXb5apz+syWh3ab1xI2EWUEU/3A0TcsvjONvPbWOQoIIJK9RvMOL9OkAoFZNcgH2R/0oHD4WDQx6GkzOO/v2gV/QzorBjwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent

  • watermark

    100000
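The http_header1 and http_header2 values above are not opaque: they are Beacon's compiled Malleable C2 transform programs for the http-get and http-post client blocks (a sequence of big-endian u32 opcodes, string arguments length-prefixed, terminated by opcode 0 and zero-padded to a fixed size), and the value labelled state_machine begins with the DER prefix of an RSA SubjectPublicKeyInfo, i.e. the beacon's public key. The following added example decodes all three with only the Python standard library. It is not code from the report or from any sandbox; the opcode table is the one used by public beacon config parsers, and the blobs are fed in with their trailing zero padding dropped since the decoder stops at the terminator.

```python
"""Decode the Malleable C2 transform programs and the RSA public key that the
sandbox pulled out of this beacon's config. Added example using only the
standard library; not code from the report or from any sandbox."""
import base64
import struct

# Opcode names of Beacon's compiled transform steps, as documented by public
# beacon config parsers. This report only exercises 3, 4, 5, 6, 7 and 10.
OPCODES = {1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter",
           6: "header", 7: "build", 8: "netbios", 9: "const_parameter",
           10: "const_header", 11: "netbiosu", 12: "uri_append",
           13: "base64url", 14: "strrep", 15: "mask", 16: "const_host_header"}
ONE_STRING = {1, 2, 5, 6, 9, 10, 16}          # opcode, u32 length, bytes
PROFILE_KEYWORD = {"const_header": "header", "const_parameter": "parameter"}

# Leading bytes of http_header1 / http_header2 from the report; the zero
# padding after the terminating opcode 0 is omitted.
HTTP_GET_BLOB = "AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAA"
HTTP_POST_BLOB = ("AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAA"
                  "AAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAA")
# First 216 characters of the state_machine value: a DER SubjectPublicKeyInfo.
PUBKEY_B64 = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJELjItlXGdQwdtYfGyVnnpV7G"
              "bdZeO8UQI3KkEbTjarcoPyZ2qR24+1ZGiXigpdZl5MJwK7O+ym9nuXb5apz+syWh"
              "3ab1xI2EWUEU/3A0TcsvjONvPbWOQoIIJK9RvMOL9OkAoFZNcgH2R/0oHD4WDQx6"
              "GkzOO/v2gV/QzorBjwIDAQAB")


def decode_transform(blob_b64, post=False):
    """Walk one compiled transform program into a list of step tuples.
    build 0 is `metadata` in the http-get block and `id` in http-post; build 1 is `output`."""
    data, pos, steps = base64.b64decode(blob_b64), 0, []

    def u32():
        nonlocal pos
        pos += 4
        return struct.unpack_from(">I", data, pos - 4)[0]

    def string():
        nonlocal pos
        length = u32()
        if pos + length > len(data):
            raise ValueError("string argument runs past end of blob")
        pos += length
        return data[pos - length:pos].decode("latin-1")

    while pos + 4 <= len(data):
        op = u32()
        if op == 0:                                # terminator; rest is padding
            break
        if op not in OPCODES:
            raise ValueError(f"unknown transform opcode {op} at offset {pos - 4}")
        if op == 7:
            target = {0: "id" if post else "metadata", 1: "output"}
            steps.append(("build", target.get(u32(), "?")))
        elif op == 14:                             # strrep carries two strings
            steps.append(("strrep", string(), string()))
        elif op in ONE_STRING:
            steps.append((OPCODES[op], string()))
        else:
            steps.append((OPCODES[op],))
    return steps


def to_malleable(steps):
    """Render decoded steps as the Malleable C2 client block they came from."""
    lines, in_block = [], False
    for name, *args in steps:
        if name == "build":                        # opens metadata { / id { / output {
            if in_block:
                lines.append("}")
            lines.append(f"{args[0]} {{")
            in_block = True
        else:
            keyword = PROFILE_KEYWORD.get(name, name)
            quoted = "".join(f' "{a}"' for a in args)
            lines.append(("    " if in_block else "") + keyword + quoted + ";")
    return "\n".join(lines + (["}"] if in_block else []))


def _der_tlv(data, pos, tag):
    """Return (value_start, value_end) of the DER element at pos, checking its tag."""
    if data[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}, got {data[pos]:#x}")
    length, pos = data[pos + 1], pos + 2
    if length & 0x80:                              # long form: N length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("DER length runs past end of data")
    return pos, pos + length


def rsa_modulus_bits(spki_b64):
    """Modulus size of an rsaEncryption SubjectPublicKeyInfo, with no crypto library."""
    data = base64.b64decode(spki_b64)
    start, _ = _der_tlv(data, 0, 0x30)                     # SubjectPublicKeyInfo
    alg_start, alg_end = _der_tlv(data, start, 0x30)       # AlgorithmIdentifier
    oid_start, oid_end = _der_tlv(data, alg_start, 0x06)
    if data[oid_start:oid_end] != bytes.fromhex("2a864886f70d010101"):
        raise ValueError("algorithm is not rsaEncryption")
    bits_start, _ = _der_tlv(data, alg_end, 0x03)          # BIT STRING; skip unused-bits byte
    rsa_start, _ = _der_tlv(data, bits_start + 1, 0x30)    # RSAPublicKey
    mod_start, mod_end = _der_tlv(data, rsa_start, 0x02)   # modulus INTEGER
    return int.from_bytes(data[mod_start:mod_end], "big").bit_length()
```

Decoding the two blobs recovers the client side of Cobalt Strike's default profile: on GET /g.pixel the session metadata is base64-encoded into a Cookie header, and on POST /submit.php the session id travels as the `id` query parameter with the task output as the raw body under `Content-Type: application/octet-stream`. The DER walk confirms a 1024-bit rsaEncryption key, which together with the stock transforms and watermark 100000 is what to look for when matching this sample's traffic or hunting other beacons built from the same profile.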

Targets

    • Target

      e286f4b4acb5576ce65f2058e90b3847da32cc656fe65323477e6f244b8e3947

    • Size

      260KB

    • MD5

      3b152163bbbc3373a06be346e218189d

    • SHA1

      d9f1237e32a04a230aad1956b93e89a60a15e3c7

    • SHA256

      e286f4b4acb5576ce65f2058e90b3847da32cc656fe65323477e6f244b8e3947

    • SHA512

      2df9b2a3225dc09c92b5ab2a377548b07f24254bfff391193b4773e2adbcbbc3a8bb8a9e1dce2b4aea5ea9f6e3e70e74b4b18ae8abd1728776f0e0d703c3a5df

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90aTBXSH/:u3d6tevoxDBX0

    Score
    1/10
