General

  • Target: tcp.exe
  • Size: 281KB
  • Sample: 240917-jrgkcsscmc
  • MD5: 2ed1a0c133119462762b51992a94b14b
  • SHA1: 6823245d60fb14a67ddf88089a63e0b13069ef2e
  • SHA256: 956145b09b907ecbf4063ad62328aecbb87ff2c244e21744ea850da260340f8f
  • SHA512: e03d288c01063deb1a46d367620887a8671b6f681a512322b51508c65449d48edc9b77f034197f5112b0aca914c827cf3f841f6a2adb348328e59c24b9662608
  • SSDEEP: 6144:lCjS12joqVHARC/UtB2XP41+zog2e4n14asEz0Ug:cS1QJxvesA1Fe4n14LEzXg

Malware Config

Extracted

Family: cobaltstrike
Botnet: 1234567890

Attributes
  • beacon_type: 4096
  • http_header1:
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • http_header2:
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • polling_time: 10000
  • port_number: 4444
  • sc_process32: %windir%\syswow64\rundll32.exe
  • sc_process64: %windir%\sysnative\rundll32.exe
  • state_machine:
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIAEw66xXjTaepQFzz07dWBCjlHGakozP7Zy3n/v+0PbBcDyexo5RNcaXSJGeOurQSDplNgpZwAAMKAg08dEFVnAXovqZzjq2gOmLq+IbTZV+m/0FEdztkt5tlICBInxHzcMoMmKv957nfm+1r3bSGgDtxgQfYty+cmdKQvWJS+QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • unknown1: 4096
  • unknown2:
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • watermark: 1234567890

Extracted

Family: cobaltstrike
Botnet: 0

Attributes
  • watermark: 0
