General

  • Target

    5a8c69725f2277810be2ccd20af259b47c1d6bf3073eb3f3bce6b89754e80bbe.unknown

  • Size

    208KB

  • Sample

    240917-gxnvhsycmp

  • MD5

    6a899c0ae882f97f4e57fe101489aa3b

  • SHA1

    334d2645cb6623b5109714aa140c8020c02e79b2

  • SHA256

    5a8c69725f2277810be2ccd20af259b47c1d6bf3073eb3f3bce6b89754e80bbe

  • SHA512

    763723bcdd6f97138fa398369d2ce0f7facfc0af515725f1a40bf74ab6057f4d3e3db30155c141607709af42d00b62a5c22d3284d3d8c6a3af7d9875d4726f56

  • SSDEEP

    6144:+Wj+6fUTNc47FrDsiKSFb1dp00Ga2BotzEhneZ7:Jwc8tHE0OA

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    1873433027

  • C2

    http://127.0.0.1:80/fwlink

Attributes

  • access_type

    512

  • host

    127.0.0.1,/fwlink

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaga/TLq/slUlfcsgmtvN49xQIqFvNpkjaJkL+MGp0uyl2jfudA69Zl8CIlIS1Oob6FNBdtvD1CpMS26gz3lWu95uSFzpl4/MKD6MqHjJXsY2NZY87cRoYcZ3cw9eHSEV5gYyDZaA1ya/eu7vC0FcFGf4ipUMTcFiA1WeXpayPkQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)

  • watermark

    1873433027
