General

  • Target

    da4f63d0b2b74e793c0b4c721c3d999e777fbb9b1beba243722a834c0d9347aa.zip

  • Size

    127KB

  • Sample

    240802-1418zaxdmh

  • MD5

    b7b297b95ac37abf65ba4d1f099bb3a0

  • SHA1

    0e235f10b1b97da2d138d38be05a4ca329dffdad

  • SHA256

    3cbc6867ace649a9738e6d5e870240e263a7dfc9061188d97dd29ac812c6d1ce

  • SHA512

    615c37621617c79a53d4f345b0576a222d932ce67fa63943673a03955e2e6fd03757e10890fe171014801d7bd8076c73f673feca3d051f04c7a8485d6a2c1e2d

  • SSDEEP

    3072:Qoa8I35SoqwUz9IW2/osc28XbpVhevo791Vtn:QoGMLwUzI/osc28Xbbhevo7fr

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://192.168.0.101:80/g.pixel

Attributes
  • access_type

    512

  • host

    192.168.0.101,/g.pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEtTBpLeyE18Y56vdbepi+Pdk+1tDrdE8JzHK8k5YIzJ5/ov646BMbQ91LaoohZDk9UBHuklE24FxIBiwXmRMwcU3sFZ/i7GOodebv6DQdcYlWrJlsszieS6S+2RjpKhGOZqBDGOD7mFMkV8/ypfMrdqBhNLvdkulX3L4fPntEoQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0

  • watermark

    100000000

Targets

    • Target

      da4f63d0b2b74e793c0b4c721c3d999e777fbb9b1beba243722a834c0d9347aa

    • Size

      260KB

    • MD5

      148eac87ea95de7e7104179732a3fd87

    • SHA1

      67ebc4006240acae1de5733f1c679c911db5d72b

    • SHA256

      da4f63d0b2b74e793c0b4c721c3d999e777fbb9b1beba243722a834c0d9347aa

    • SHA512

      74070146d77c0188a6a60c23a314397f1a19772d9b99e77fcca6fe9365d4955223ffdef036786beb571f2e5b53032d11e4c78523914bffc94450edc543a1bd87

    • SSDEEP

      3072:ksYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTRA9BQYJerCo0:ksYwjwIGIprBJweGTIDjhOTR2Q8b

    Score
    1/10
