General

  • Target

    105c29188f5ff4d8f1404d16bf089711408dd4e1386874574766e15390146dbb

  • Size

    128KB

  • Sample

    240815-qm63sayarr

  • MD5

    8f64c49e2f503432e758bd3c724894c4

  • SHA1

    1316e01adc02695b88c1008c99090b34fd7a4e3d

  • SHA256

    105c29188f5ff4d8f1404d16bf089711408dd4e1386874574766e15390146dbb

  • SHA512

    971acebf672dba705549ab5202ea038877df73c3db49bacb595feade38df8bc5453bd95238ba359af45e14817e4d04afb49ebb6707143dce8f74a3534730a1c6

  • SSDEEP

    3072:hMbfWEDghtBXhMqMKn2gvWETXH1x9eVhOTRpX6cJcdC5rOzRr2wUdjyw+:iTWEDgHLMgnfvlTM8x629srWyV

Score

10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.168.56.142:80/cx

Attributes

  • access_type

    512

  • host

    192.168.56.142,/cx

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGf0L/iDIHROom1o1nFBzIn+eawfZKQKNzxBzJMU1SidY6+PUSIJqQfRMtNR32g2x34Ey+S85ElmMkFLfhPqjQlZq2Di4gfo3a8Iw6v8lKGbfSFqmM5xNi1N8J+qQXj/a4ryYzAvLOEIOa+iSg6dBWgjYs9vMdKxWozgwrx5o3eQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)

  • watermark

    100000

Targets

    • Target

      edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0

    • Size

      260KB

    • MD5

      a75b871279ab169009614ae1bff0ff37

    • SHA1

      811e4cbe16961b0ba415ec148040c2f4d47ce22e

    • SHA256

      edd46bcff3891beadcb4e07badcca192c98ad42fe2db00f651a0614e7f8abcb0

    • SHA512

      bdbd6514457d71ba87f02d00870c4e517a4804c5602c5c50c6da77dc88590a6776e0f92569bf4c88c294315fd31e9a4978d7d1ef1882f6d6db3d00980d6fe8a4

    • SSDEEP

      6144:uJqVG5d1IpMyibgkTZI6jHID90axBXtH/:u3d6tevoxBBXh

    Score

    1/10
