General

  • Target

    02.08.20226.exe

  • Size

    208KB

  • Sample

    240829-nqzf1ayhqg

  • MD5

    c0f258f9287226d4e758da7535a43563

  • SHA1

    234e4d332889c654474ebcef253be71eeeff1a52

  • SHA256

    3903806c0252aa0f9da08b5bdd7eaa4906dd629b2d2f2efc6b545d887dcf7a41

  • SHA512

    d3f668695657687e3eb8db5f15870856800d06f9f9ca9b30abded831d502233afc2a95e97754072fb656c73c3e9264a402f792770f62944e24fc180e21e9aa4a

  • SSDEEP

    3072:+r3UzYPNgNkb8pj7H7SVXuuK8oEMup60bXQpwgvT0n/bnoABVlK2fDTVtDloxiLy:gkyNx8pzQuWoEMus0ngwn/b5Bb7ZnGey

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://162.209.178.186:38433/accelerate/Members/9ZBUKM2FCT

Attributes

  • access_type

    512

  • host

    162.209.178.186,/accelerate/Members/9ZBUKM2FCT

  • http_header1

    AAAACgAAACtBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL3htbCwgdGV4dC9odG1sAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGFyLWR6AAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6ICosIGlkZW50aXR5AAAABwAAAAAAAAAPAAAACwAAAAIAAAAYc2VjdXJlX2lkXzM0UEJYNlhLSEdQVjM9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAADRBY2NlcHQ6IHRleHQvaHRtbCwgYXBwbGljYXRpb24veG1sLCBhcHBsaWNhdGlvbi9qc29uAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGFyLWFlAAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6ICosIGNvbXByZXNzAAAABwAAAAAAAAAPAAAACwAAAAUAAAAJX09LU1FZUEJEAAAABwAAAAEAAAAPAAAACwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    12288

  • polling_time

    74518

  • port_number

    38433

  • sc_process32

    %windir%\syswow64\gpupdate.exe

  • sc_process64

    %windir%\sysnative\gpupdate.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO235OoFjyLfEeyRgtQoAoxN81x2t+vFHHSLCyCELnqJZSbUH71/tTs6bcO0RUWGX7lWaRSFSafxWypnwB3vgNs3DFSTlz5xKL1hs/vx+nuWG7ucJZZkR5c7wZY0yuY9gQbGnf7MpcOS5rQ1fx1FCR84Ra89r28fZhB5279VAhLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.42349568e+08

  • unknown2

    AAAABAAAAAEAABN3AAAAAgAAEzYAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /Divide/v5.33/S2Y2T6HM

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.0 Safari/537.36 Edg/80.0.361.0

  • watermark

    100000

Targets

    • Target

      02.08.20226.exe

    • Size

      208KB

    • MD5

      c0f258f9287226d4e758da7535a43563

    • SHA1

      234e4d332889c654474ebcef253be71eeeff1a52

    • SHA256

      3903806c0252aa0f9da08b5bdd7eaa4906dd629b2d2f2efc6b545d887dcf7a41

    • SHA512

      d3f668695657687e3eb8db5f15870856800d06f9f9ca9b30abded831d502233afc2a95e97754072fb656c73c3e9264a402f792770f62944e24fc180e21e9aa4a

    • SSDEEP

      3072:+r3UzYPNgNkb8pj7H7SVXuuK8oEMup60bXQpwgvT0n/bnoABVlK2fDTVtDloxiLy:gkyNx8pzQuWoEMus0ngwn/b5Bb7ZnGey

    Score
    1/10

MITRE ATT&CK Matrix

Tasks