Overview

overview

10

Static

static

10

56aeba50c0...74.dll

windows7-x64

1

56aeba50c0...74.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    56aeba50c0d33a2b27b8c358d93db256d72a4c6896dcbe4e57e8380c99d93a74.zip

  • Size

    126KB

  • Sample

    240727-psnyqazdjl

  • MD5

    4baec4f2fac349568f7d3dce6c97508f

  • SHA1

    866c6c899a7f3d0ef0287881d9488c14824f4b8e

  • SHA256

    80212d56e02cbd5848880870d3702f3c1a8b5d15e0a320cc68c30cfb3e3c967b

  • SHA512

    c1d287247453323cdc633f00dc34c4c31459be6f3afef23d950a91b9dbd1008d621439ed8f7362c734a393cc9dc2f2faa9431292eb1e4668270b10f5cf36d276

  • SSDEEP

    3072:k+eEJe+cl3M45sVtFXd0bmxbdT3Ov1pn5eiSIeB:k+Zc9M45sVubclCT5ej

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://139.9.198.241:80/visit.js

Attributes
  • access_type

    512

  • host

    139.9.198.241,/visit.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEOcPLEmBQmrfu31fH5XatJsqg4NZy9DEbXiFM4usXMIWkGJO4OMtCQ0hHtN+b3lYI3U4EeNReTegyWCxrHqYGSTsL+w+OVnvjpMowVS/QL+2XNjCX3Zeol3HL79qA++Tr/BHh+N+H5MgtJly4lrH+AhaVI1+fnb29MmN8IisB8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

  • watermark

    0

Targets

    • Target

      56aeba50c0d33a2b27b8c358d93db256d72a4c6896dcbe4e57e8380c99d93a74

    • Size

      256KB

    • MD5

      649644093ab7a3820e0e28d839949218

    • SHA1

      fb45e3e1f300199d76342028b9e59a785164ff30

    • SHA256

      56aeba50c0d33a2b27b8c358d93db256d72a4c6896dcbe4e57e8380c99d93a74

    • SHA512

      67057398097ff8a92c3be2043b48aee2f7deb1788aabe9a5ed3990f5b43d5bdeb82264fad902c9c3bb0043fc079408933661bb9e1306954eb1158b209f935ac3

    • SSDEEP

      3072:4r+U7LVLn1BFdjGQX8dbDCRUCnhqxmTy1WOeJfUuIRrT10ZFPjEzcuT5cxAgYJuf:4r+USu+WOeOTCjLEIuTNg7W2

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks