General

  • Target

    d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c.exe

  • Size

    289KB

  • Sample

    240724-1txg2asdmb

  • MD5

    ff3ddbec055fa3b656aee0927a0bba23

  • SHA1

    3d8f7545da1185a203d6f1d77085b912db6d0cfe

  • SHA256

    d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c

  • SHA512

    753196bf9bd3d9f4319e0e4aa9f9bfd37324a9784d42411cc1d8d6e79874136e5f5db067a48621c92135549a599236c6c15ab63ec7e5ac3b4d68a79b4b3bab9f

  • SSDEEP

    6144:0hVRFQXVb8wUX2whMU5nTLTke5K7zSOXdsiFetcMNvWieplDqBf5U:UF2YwLdUdLTkeQzSoyiFetcMNvWiepll

Malware Config

Extracted

Family

cobaltstrike

Botnet

987654321

C2

http://192.168.132.129:6666/dpixel

Attributes
  • access_type

    512

  • host

    192.168.132.129,/dpixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    6666

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZVCfJVafz3pEt0f4fuSfr9EqQelC1jSBj8KeumJ+LeTrppylUTTCFKikkq4rftPXlYkvlHKhO0ohkpAliXX6LYUTZCeXGrKmbuVqhD5gSV1OU6DKYvw6Y1FqsmWW5jEfVNJ4rEriDt02LudJiyw9HrA8sVUngRB9UKmRI6FV9KQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)

  • watermark

    987654321

Targets

    • Target

      d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c.exe

    • Size

      289KB

    • MD5

      ff3ddbec055fa3b656aee0927a0bba23

    • SHA1

      3d8f7545da1185a203d6f1d77085b912db6d0cfe

    • SHA256

      d71747c9eb6f60aefb32410708734b8ad5f51b27b7c7f2646cda80e3effea28c

    • SHA512

      753196bf9bd3d9f4319e0e4aa9f9bfd37324a9784d42411cc1d8d6e79874136e5f5db067a48621c92135549a599236c6c15ab63ec7e5ac3b4d68a79b4b3bab9f

    • SSDEEP

      6144:0hVRFQXVb8wUX2whMU5nTLTke5K7zSOXdsiFetcMNvWieplDqBf5U:UF2YwLdUdLTkeQzSoyiFetcMNvWiepll

MITRE ATT&CK Matrix

Tasks