General

  • Target

    6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c

  • Size

    278KB

  • Sample

    240806-2bqr7ssern

  • MD5

    fca81afbe0dc10a82e3789a72dce7598

  • SHA1

    5abca079ba738cb1c79b406d3d70e48c1cc91f69

  • SHA256

    6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c

  • SHA512

    53042a6f32e92e0bb1594d5dc708a3e0159c879bba3be95e48f97c6253d1d13eca5e620f8612f2fc72b2a24095e376a7a89764dda8401dcd934d4673616e4732

  • SSDEEP

    3072:OROdPC9/vTHL5XGX09QN+8NQJ/iX+K2Vn5/YdV0ZxLzfu/ChcW7z3wa6Hfhl+dJP:OROw9DrchuK2V5g0Zcu3o/hl+OV7cb

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://192.168.0.50:3233/cx

Attributes
  • access_type

    512

  • host

    192.168.0.50,/cx

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    3233

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA+MZxM/r6ULQYrsOZZd4rUAY1n/vmk75qoXdFonCxJIKDmqfjdJYbv6T2Z1RlcxBIb6n2mFu+XITl2W1BKxSFV8ycEdQw+NqAyrNZzeZervqO38Z+nr80IiBTsNY30ej/Sd3LoPZaqsrNHydYS+Sd7XYTBxj8QGXuYsMYhejOYwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSSEM)

  • watermark

    0

Targets

    • Target

      6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c

    • Size

      278KB

    • MD5

      fca81afbe0dc10a82e3789a72dce7598

    • SHA1

      5abca079ba738cb1c79b406d3d70e48c1cc91f69

    • SHA256

      6175b315f79136490af350bebb041110541084441797d3cb744a339be99e5f3c

    • SHA512

      53042a6f32e92e0bb1594d5dc708a3e0159c879bba3be95e48f97c6253d1d13eca5e620f8612f2fc72b2a24095e376a7a89764dda8401dcd934d4673616e4732

    • SSDEEP

      3072:OROdPC9/vTHL5XGX09QN+8NQJ/iX+K2Vn5/YdV0ZxLzfu/ChcW7z3wa6Hfhl+dJP:OROw9DrchuK2V5g0Zcu3o/hl+OV7cb

MITRE ATT&CK Enterprise v15

Tasks