Overview

overview

10

Static

static

10

82326a1594...57.dll

windows7-x64

1

82326a1594...57.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82326a1594ae990c98eabc4c8adaf157

  • Size

    254KB

  • Sample

    240917-s9znbs1crh

  • MD5

    82326a1594ae990c98eabc4c8adaf157

  • SHA1

    868fd604ddd37c96f26000092c6a8ddadc38a067

  • SHA256

    839933baedb8234d0f326110bb03cb6d1af523c32f09c0a87f229e4766bc4ba6

  • SHA512

    61bad99bf5ef71dbe25e1cfa155c30481bfedafa39408df08d8485e12fb25a0ed0a4338f6f60a900b7b63c3fc6dddc92d9bad8e8da6cca0b16053144220d7fe1

  • SSDEEP

    3072:yJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/8sxe494YJGaXMgozHnaH:yJwpYVNcn3pTdNe+WXVi8sxV4uYzH

Score
10/10
cobaltstrike305419896

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://49.235.206.130:10005/FC001/JOHN

Attributes
  • access_type

    512

  • host

    49.235.206.130,/FC001/JOHN

  • http_header1

    AAAAEAAAABhIb3N0OiBmdWNrdW1hbi5nb29nbGUuY24AAAAKAAAAFkNvbm5lY3Rpb246IEtlZWwtQWxpdmUAAAAHAAAAAAAAAAsAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAAEAAAABdIb3N0OiBmdWNrdW1hbi5nb29sZS5jbgAAAAoAAAAWQ29ubmVjdGlvbjogS2VlbC1BbGl2ZQAAAAcAAAAAAAAACwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • maxdns

    255

  • polling_time

    1000

  • port_number

    10005

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /FC002/JOHN-

  • user_agent

    Microsoft Internet Explorer

  • watermark

    305419896

Targets

    • Target

      82326a1594ae990c98eabc4c8adaf157

    • Size

      254KB

    • MD5

      82326a1594ae990c98eabc4c8adaf157

    • SHA1

      868fd604ddd37c96f26000092c6a8ddadc38a067

    • SHA256

      839933baedb8234d0f326110bb03cb6d1af523c32f09c0a87f229e4766bc4ba6

    • SHA512

      61bad99bf5ef71dbe25e1cfa155c30481bfedafa39408df08d8485e12fb25a0ed0a4338f6f60a900b7b63c3fc6dddc92d9bad8e8da6cca0b16053144220d7fe1

    • SSDEEP

      3072:yJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/8sxe494YJGaXMgozHnaH:yJwpYVNcn3pTdNe+WXVi8sxV4uYzH

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks