cobaltstrike | e65b53eadbb32fb06f0cffa784f9f2e7ce646dbeb34603b77520f3c88086ec80

General

Target

e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3.zip
Size

128KB
Sample

240726-pegx9a1aje
MD5

a24686b232d5366b994e551e6851193f
SHA1

22008261fc538291b779b166539821f32a83557c
SHA256

e65b53eadbb32fb06f0cffa784f9f2e7ce646dbeb34603b77520f3c88086ec80
SHA512

937d0bb7b63dae42a142473abce56a881b69b895692344a72989a4d940493c836cffc2856bd7e0c5990fd609b47234f740d15aa1220464b7089f03a4cbb478ee
SSDEEP

1536:8ffzPwd4ZFjFj5P4K57f6IwwbGQn4cKF2vQOitqMNbDX36KcIFW4PjJiFPYPVEnS:KbwkjFlxOuiG4/Si8s6y02Vwn71ZjK

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://47.243.165.127:8888/pixel.gif

Attributes

access_type
512
host
47.243.165.127,/pixel.gif
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
8888
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhw/moQ0VdyB56chcMLnDtUhv1UVM03XjgzN/oDf0LQsMcu+MMxmZr9HDUiK7XGswd6zX49j/Uu3CBnLBykLhefJFzZlH6ORRDAELHOc9oOsdRwWjxBYcPgGhXp1tNUcJEadPAxRYj7CQKLqdOQ3TZKEYWR7mGQWGrtK5BKlzAzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
watermark
100000

Targets

- Target
  
  e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3
- Size
  
  260KB
- MD5
  
  8ac2e2c5cbc9743ec0bc681494546c8f
- SHA1
  
  fd1595e6d8ada9072fca5410e480d42c75e31424
- SHA256
  
  e75e3f7e94ce95c740416c01a2ebf3f9e30e834e6357b98de2df98b4eb3932d3
- SHA512
  
  25745165807ae0c23f6095fbe9d7a9567472050862eda6eb1f60f76a9058a54ae16862edcada60c512ab2279c413653f20c4016d022bb13522e90ddfc712d750
- SSDEEP
  
  6144:uJqVG5d1IpMyibgkTZI6jHID90aPBXEH/:u3d6tevoxfBXy
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2