General

  • Target

    acbd388e4386386eda3683ff89d59ef46c97f6ee62ad635e15315b0f31a4b0d2.zip

  • Size

    127KB

  • Sample

    240731-y3khqawcrc

  • MD5

    d2ac98cd034cbf15c96861e2b9f74853

  • SHA1

    6daf38a857e8c0a4d2ef2c2b978dcd05e5c0d40e

  • SHA256

    f07b0bacb553325e4733c431899f722eaa707f09c3dd2aa762d989f5664c4f05

  • SHA512

    7458041635badea7d32d84ddb84c13e88046dc78af9847e24d8fcfc006f4702ab502954028d19d767465fa44dc04d2691e8214dba333a7ad45ed4f98fcaf5b82

  • SSDEEP

    3072:3vkk6J/fMgXTEPE48DDaO6uX84jsNCGms4jYhLwYE9Wz:3snMgjH4nMX84jsEvLMFQIz

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://192.168.1.6:7893/g.pixel

Attributes
  • access_type

    512

  • host

    192.168.1.6,/g.pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    7893

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvC8dqkGvHNyHHB3zeX8FghV2kfQSgDCwtqbd6OywJ9xJXrVaebPTUnCwlhecudTz3wWEqhAHIoYe2Wi+iViWQixz4wKGM3u2/XP4JumYtX0h2XpPp5mWXfim413DqW1/a7Dr8F1kwyAea0y7jqNiAckfYSoyWv1Cz9t/K1hDKtwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1

  • watermark

    100000000

Targets

    • Target

      acbd388e4386386eda3683ff89d59ef46c97f6ee62ad635e15315b0f31a4b0d2

    • Size

      260KB

    • MD5

      37edfe606feecc1542943bdb323d1aec

    • SHA1

      edc291ee05d3ef1c6c5f4148703bd6b5201ae970

    • SHA256

      acbd388e4386386eda3683ff89d59ef46c97f6ee62ad635e15315b0f31a4b0d2

    • SHA512

      b142ba309f594e08f32c83ca157c80f086035828afa55290afd6c7e2417b0e2697a196742db64c1bc781fb89cfa4d3d2ea450dcf77b2160634ffc99b72774071

    • SSDEEP

      3072:ksYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTRO9BQYJerCoC:ksYwjwIGIprBJweGTIDjhOTRIQ8h

    Score
    1/10

MITRE ATT&CK Matrix

Tasks