General

  • Target

    02.08.202230.exe

  • Size

    208KB

  • MD5

    8e4d4dfe15a30ea41a75cc71c74e17a2

  • SHA1

    921530dedfb1ec8f5e6edaf87b36748e5e511b87

  • SHA256

    aa30a68701f4a9c0496a4f36d1f0ec6191e37c325f13b52a8ce6dcecbae6df3b

  • SHA512

    6d5885abae554585b48cf5b726a858878b492c92bbb2f2492bcee77bb49c420a5240b1dbbb2df15a25fde28b749ec32d92e276225120bbf27d6816941cbe96ec

  • SSDEEP

    6144:ANJdvr3mTWPIw0VX9Asjuh1zdddddddddddddddddddddddddddddddddddddddT:ANJdox+SuhXpzrRD3

Score

10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://120.53.250.9:80/CWoNaJLBo/VTNeWw11212/

Attributes
  • access_type

    512

  • host

    120.53.250.9,/CWoNaJLBo/VTNeWw11212/

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    5

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzzGleaSs6lOmxYjP8DFii0oZNoOsoijh0AdsjBaxBBj+WE5o6K2sgtlnyj9z5TOI3Ih39H/rNHLRaA7EGDMm1+Pq7os3CvNL3sW56BOoOcL/sr3hIlvbpxdpR1jQWPDc56DNZkvvqkEs6bCIRUKlNc86Ir/vAcR0aItdip417CwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /CWoNaJLBo/VTNeWw11213/

  • user_agent

    Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)

  • watermark

    100000

Signatures

Files

  • 02.08.202230.exe