General

  • Target

    7cbd43145447664f34328a2d9b72b0e1dcf84f3c36e8e3053500f2f4c3eb0193

  • Size

    274KB

  • Sample

    240821-fpm3ksvcpr

  • MD5

    c9f2270d6ba73ae495ea1a80c90090bd

  • SHA1

    ec4b4a4f417eddb57f941ca7e87e91dc3b21b390

  • SHA256

    7cbd43145447664f34328a2d9b72b0e1dcf84f3c36e8e3053500f2f4c3eb0193

  • SHA512

    ec6bfe39f7ce725d8a702532c0d315d59160f457125d41ba70e32c797b69d5e846eeb9aa9b8bc33face6e7b76a66ed07e91814f96c077ed2d47fb40d9731c84c

  • SSDEEP

    6144:vDNIch6ku4scdt3JZj1QsF7SS5Z7Ywnf9z7c6eDwLtvxXJjY:vJfRbdt3JZzF7h7Ywnf95aQtvA

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://47.115.172.218:443/jquery-3.3.2.N2cQ4mXdZ4nIo9XIhttp.min.js

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    47.115.172.218,/jquery-3.3.2.N2cQ4mXdZ4nIo9XIhttp.min.js

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAAFAAAACF9fY2ZkdWlkAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtcEKbU2GUX47c39OcXM8GykZpnPbtbvWpnSSJYnxB6S+wqD6MC8fpIFHxMud2fFgFP2cUr85gYlTDs5fO77bYx3VsX+sUo5x0r2nbcubIIWXuVfebyrjkeKMszZHXmpZZ6KObRcs4m19vL7TfiZCYJOlb/HRQHYjJ1ofzZC/U5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.234810624e+09

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.3.2.N2cQ4mXdZ4nIo9XIhttppost.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

  • watermark

    100000

Targets

    • Target

      ϳֵⷴ/edputil.dll

    • Size

      264KB

    • MD5

      57d5adebf65bfc93aec88891e00a9ff9

    • SHA1

      ab0ff6d37852ab4fdcde8a2a626cabe87c525a19

    • SHA256

      642235e3cf5b4ef91de700d416c797c676554dbbbaf10cb9e921ce7de4b2014e

    • SHA512

      d427d981ff7a52ff97191925b98b509a9056b36efd697f4d7de1b768b69d1323fc848094734bb2707f9f2b52a6faf4264b395ef23dfdcad68edfd34b05e96074

    • SSDEEP

      3072:poQ8JZN08OrN7iVKo1yEIXy+tXZMlDDZU71ylc7+VzqwRpoY46drl7lvq2v41SQ3:SfO8oNuVJyEIXttXKpq3psohmlNWSQ

    Score
    1/10
    • Target

      ϳֵⷴ/ϳֵⷴ-------------------------------------------------------------------------.exe

    • Size

      11KB

    • MD5

      1d27f61cc5d659247d2e0c111c5386de

    • SHA1

      d35657cad7fe1986ef049ea5094d601b2b7f87e6

    • SHA256

      ee25f7a64b299968be5109c6ab8d692cebe12ff7bbafebf53918787c602f104c

    • SHA512

      de350cbc1c72e779c71b2f7e2fcdb2fc18f98dff4ce5eb42b85830df378aa7c0c348a4064b98d6f1ec0fe370bbe82936b6fe12e683aeadb30acbe9ad71f61001

    • SSDEEP

      192:pM4fN8IBUmrj0DyC8RRvWAT1qWUdguUthWxu/EWrOW:K4CIBz0uCEBWAu9coxu/EWrOW

MITRE ATT&CK Enterprise v15

Tasks