General

  • Target

    2072-13-0x0000000000520000-0x0000000000992000-memory.dmp

  • Size

    4.4MB

  • Sample

    240725-dhk9asvbrk

  • MD5

    f94192b60ce0a9d418a47832f5f7d333

  • SHA1

    02c2f5de02bc85f35ab4cb04c7e93bcafed9383f

  • SHA256

    57397c28a2795ed74e72eb6a52a29a8998f0c5bcd84f8eb83009f350988746a7

  • SHA512

    6791de96c2c24ae0809022bcaab9483b2c3e114e032cf5515acd4fd9e7793de9094eedd5f0dd4c60649c1e6f980774e0dfa11833035d7a73f6a4fe8444ca8b74

  • SSDEEP

    3072:jEX+XSzARN6vL4kce1Z5MIrbJ21TjPThZb2fQgEz6i5KNcJ9lbYJRiKK:jEX50e1oIrbaTSI5z6i57JTbi

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://ns1.icbc-com-cn.com:53/jquery-3.3.1.min.js

http://ns2.icbc-com-cn.com:53/jquery-3.3.1.min.js

Attributes
  • access_type

    512

  • beacon_type

    256

  • dns_idle

    1908702538

  • host

    ns1.icbc-com-cn.com,/jquery-3.3.1.min.js,ns2.icbc-com-cn.com,/jquery-3.3.1.min.js

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • maxdns

    255

  • polling_time

    12000

  • port_number

    53

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrTYWiJ/5CMst9xKN4Qp1M/umCsyBwdCK1jZz+GjtvwrwHGXYIO7orYhmjKeuV3RHc06dqlylaJgqr9pelZ123yWcyV4nDO1DUCfJsmGCZeVGhHZ5nopo4URuQd9z6Qq1YraNH86vrdl37BrYYhRGDkZTQXpCUSclajI8qIfBwLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4234810624

  • watermark

    100000000
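
The extracted attributes above are raw config fields, and several of them only make sense once decoded: dns_idle is an IPv4 address stored as an integer, the state_machine value is a base64 string that decodes to a DER-encoded RSA SubjectPublicKeyInfo followed by zero padding (the run of "A" characters), and beacon_type 256 / jitter 9472 fall outside the ranges those settings take (a small bitmask and a percentage). The following script is an added example, not part of the sandbox report or of any Cobalt Strike tooling; it decodes these fields with a minimal DER reader so it runs with the standard library only. Two things in it are assumptions: the beacon-type names are the values used by public Cobalt Strike config parsers, and the 16-bit beacon_type and jitter fields are read with their bytes swapped (giving 1, Hybrid HTTP and DNS, and 37 percent), which is consistent with the port 53, maxdns and dns_idle settings but is an interpretation of the report, not something it states.

```python
import base64
import ipaddress
from urllib.parse import urlsplit

# Values copied verbatim from the extracted beacon config in the report.
C2_URLS = [
    "http://ns1.icbc-com-cn.com:53/jquery-3.3.1.min.js",
    "http://ns2.icbc-com-cn.com:53/jquery-3.3.1.min.js",
]
POLLING_TIME_MS = 12000
DNS_IDLE_RAW = 1908702538        # the report prints this as 1.908702538e+09
JITTER_RAW = 9472
BEACON_TYPE_RAW = 256
PUBKEY_FIELD_B64 = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrTYWiJ/5CMst9xKN4Qp1M/umCsyBwdCK1jZz+GjtvwrwHGXYIO7orYhmjKeuV3RHc06dqlylaJgqr9pelZ123yWcyV4nDO1DUCfJsmGCZeVGhHZ5nopo4URuQd9z6Qq1YraNH86vrdl37BrYYhRGDkZTQXpCUSclajI8qIfBwLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="

# Assumption: beacon-type bitmask names as used by public Cobalt Strike config parsers.
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP and DNS", 2: "SMB",
                4: "TCP", 8: "HTTPS", 16: "Bind TCP"}

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def der_read(buf, pos):
    """Read one DER TLV starting at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_pubkey_field(field_b64):
    """Turn the zero-padded, base64 public-key field into raw DER bytes."""
    s = field_b64.rstrip("=")
    if len(s) % 4 == 1:                    # a lone trailing sextet encodes no byte and can
        s = s[:-1]                         # only belong to the zero padding, so drop it
    raw = base64.b64decode(s + "=" * (-len(s) % 4))
    return raw.rstrip(b"\x00")             # the key sits in a fixed-size, zero-filled slot


def parse_rsa_spki(der):
    """Return (modulus, exponent) from a SubjectPublicKeyInfo carrying an RSA key."""
    tag, spki, _ = der_read(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg_id, pos = der_read(spki, 0)
    oid_tag, oid, _ = der_read(alg_id, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bit_string, _ = der_read(spki, pos)
    if tag != 0x03:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    _, rsa_pub, _ = der_read(bit_string[1:], 0)   # skip the unused-bits octet
    _, n, pos = der_read(rsa_pub, 0)               # RSAPublicKey ::= SEQUENCE { n, e }
    _, e, _ = der_read(rsa_pub, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")


def swap16(value):
    """Swap the two bytes of a 16-bit field.

    Assumption: beacon_type and jitter were displayed with the wrong byte order;
    swapping brings them back into the ranges those settings actually take.
    """
    return ((value & 0xFF) << 8) | (value >> 8)


def summarise_config():
    """Decode the raw fields into the values an analyst or detection engineer needs."""
    modulus, exponent = parse_rsa_spki(decode_pubkey_field(PUBKEY_FIELD_B64))
    jitter_pct = swap16(JITTER_RAW)
    return {
        "beacon_type": BEACON_TYPES.get(swap16(BEACON_TYPE_RAW), "unknown"),
        "dns_idle": str(ipaddress.IPv4Address(DNS_IDLE_RAW)),
        "jitter_pct": jitter_pct,
        # Cobalt Strike shortens each sleep by a random 0..jitter percent.
        "sleep_ms": (POLLING_TIME_MS * (100 - jitter_pct) // 100, POLLING_TIME_MS),
        "rsa_bits": modulus.bit_length(),
        "rsa_exponent": exponent,
        # (host, port, URI) triples to pivot on in proxy or DNS telemetry
        "c2": [(urlsplit(u).hostname, urlsplit(u).port, urlsplit(u).path) for u in C2_URLS],
    }


if __name__ == "__main__":
    for key, value in summarise_config().items():
        print(f"{key}: {value}")
```

The RSA public key is the most durable artefact in a beacon config: the beacon encrypts its session metadata to it, so two samples carrying the same modulus were built from the same team server even when their hosts, URIs and watermark differ. The decoded sleep window (the polling time shortened by up to the jitter percentage) is what an analyst should expect when looking for periodic requests for the jquery-3.3.1.min.js URI on port 53.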
