General

  • Target

    8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081

  • Size

    10.3MB

  • Sample

    240823-jta6csvfjl

  • MD5

    c37d97d604d7fdcc4c42a084cd9b53c2

  • SHA1

    0a913a90f8a05c2410f5eea55d3527de886409e6

  • SHA256

    8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081

  • SHA512

    44938120cd8ac259ee7ee9e7522571fd0999531b5acf928b0d1159f9e84a68fb570d641b1a350e5fc06da97a95bb12164473c65ac6618e22ae43e6c3309ed62e

  • SSDEEP

    196608:11pD561IIB0/zRw2pdxfmPXuWDkUzIpHQ2qB7cL:n18ej/zKodxfmvlPBy

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://172.16.90.207:443/www/handle/doc

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    172.16.90.207,/www/handle/doc

  • http_header1

    AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAABwAAAAAAAAAPAAAACwAAAAUAAAADZG9jAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    1

  • port_number

    443

  • sc_process32

    c:\windows\syswow64\rundll32.exe

  • sc_process64

    c:\windows\system32\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXR6dEL2D5D5PA0hFqADKMvQ60p56YoPVQbuEx+kAUCiYpCwNgOc+QWflJNwmd1P+Qqlpsnula1MPg8XFvV1MYBNyzWtyVSkd5+12DwvJ4yQ1itGOOJt/u/dVPodhTlTLl8G//5ibjH/LXduCfPZmQUmL5kApcSCnAe+C21IpP3QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    2.51666432e+08

  • unknown2

    AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /IMXo

  • user_agent

    Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

  • watermark

    100000

Targets

    • Target

      8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081

    • Size

      10.3MB

    • MD5

      c37d97d604d7fdcc4c42a084cd9b53c2

    • SHA1

      0a913a90f8a05c2410f5eea55d3527de886409e6

    • SHA256

      8df542ca32d53e106bbf0cf95b17649d0364a90ff84f19e3f7e3704674eb1081

    • SHA512

      44938120cd8ac259ee7ee9e7522571fd0999531b5acf928b0d1159f9e84a68fb570d641b1a350e5fc06da97a95bb12164473c65ac6618e22ae43e6c3309ed62e

    • SSDEEP

      196608:11pD561IIB0/zRw2pdxfmPXuWDkUzIpHQ2qB7cL:n18ej/zKodxfmvlPBy

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks