General

  • Target

    db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b.zip

  • Size

    112KB

  • Sample

    240730-f7pdcsvbjk

  • MD5

    bac798a05e8f53289b101f866d95b940

  • SHA1

    8794b5421454b0156ca84cb8b6f7451328950a4e

  • SHA256

    fad59f9676a99b1abd3e05e3cd4b20113c71784904527e5cf58daec128978099

  • SHA512

    4009b75fb9d632994bf2797b4fe2fa31ded11c9df7f5607d3ced95f21df4b130050a6d197454795360158ade169d68d2ddb87470a2ab8414d817f8cae96fa881

  • SSDEEP

    3072:9OpTvad5Z5HAupw9x5xOkaTtmH2un3r9Bs/GkhXTygT1:IFv80B9x5x7aTZ0zGGkVT1

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://104.131.8.20:8080/g.pixel

Attributes

  • access_type

    512

  • host

    104.131.8.20,/g.pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    8080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtCn5iCi+YLOzSHzWWGn0CAC/24ExcoUg5jIv7S+rccrM37+W3/gIZ+1T5oX1w/T0g48YrU+loE6CwdwRc1LfvnnQ0UKhbqNJbtlUAwAvNzQBZTVTQ2iSCmCfLtaZCSOCCFlwCTduzHhF6aaSYk9MAbos7dPjIpXe5atK5+K8EzwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)

  • watermark

    305419896

Targets

    • Target

      db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b

    • Size

      204KB

    • MD5

      782e761b494ccbb1ec3f733f185b2fe3

    • SHA1

      2cb7cd144d81c7312943c953f25273359cadea1a

    • SHA256

      db60bab09afc31846c084b0199e4d5510e2581d454f47b03af73d08750627e4b

    • SHA512

      22a9b25b903bff7794646fe7574c1777fe9699738e7cffff590c260192126f274e5a56941ac69d02ddd4d85e7b19ba817ac5a0864b17690f7bc358879580da1f

    • SSDEEP

      3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUB5gK:FRYkcrY4MCIt07iPlvU0jJ

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks