General

  • Target

    9bcd698afd65cfbe4055bbc9fa422a7c91036271030742d87c0692fac3451f99.exe

  • Size

    278KB

  • Sample

    240827-v1ww7atdnl

  • MD5

    25d478e342e008dd413f4848ac658ac2

  • SHA1

    ebc1a3559c3aab78d7938eb813a097a33ce9b644

  • SHA256

    9bcd698afd65cfbe4055bbc9fa422a7c91036271030742d87c0692fac3451f99

  • SHA512

    3a2b526b6ec9af323861a7ed50450fb59bec7a3f10901b8693a5867c7015a955181cd7bd12736ed9b79edebe9a3446a1170b028d1575b40184b2ad80bc512274

  • SSDEEP

    6144:9RZNvy73NVABaJ7A2maGGjOE50ZtgUqNV6iKG1PPMi8:9DEBVABaA2mQHKqNVvKmF

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://35.77.89.242:8080/fwlink

Attributes

  • access_type

    512

  • host

    35.77.89.242,/fwlink

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHn+kbPGo0aH+74MCdsL/52BoTLiFIoINii06LlHZVoRdzayR61e/+abuWmL1tkVUG6qo2lvKTYrsMpdDRL4dOg0FQZogutmHPZF7PRAgJXk3nA1fspmqHpQfdGW3sE47JKQInXqwQE3cTi3tNXQL9C4wKO2+COtn0Q9xYwFaOpwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)

  • watermark

    100000

Targets

MITRE ATT&CK Enterprise v15

Tasks