cobaltstrike | c8de3fb7db44459d1eb036d3921491201531cfc86bf821f1c2aca02301f0c0e1 | Triage

Sharing

General

Target

66b7c5f6cfbf3fc4e453ef026e373236.virus
Size

203KB
Sample

240917-w5jcbsxhpl
MD5

66b7c5f6cfbf3fc4e453ef026e373236
SHA1

963e4cc7b971b0058468f421a02c864f5652e0b0
SHA256

c8de3fb7db44459d1eb036d3921491201531cfc86bf821f1c2aca02301f0c0e1
SHA512

591c2134741cdaa699ad3c5e95c8c031f91e6a7baac241c9367a12d4772b57b3a2e675910122821923edfe06fa6d4ee57136848def4f398836f9c5f13f2a3b0e
SSDEEP

3072:PYaW8qUEflaASmkDs1oo8CUS5D+u73vqQ+z+F62hAxquMfgj5jdUg5e0:PFHEfoAaDQoo8CUwxTvhU+F66fgVj

Score

10^/10

cobaltstrike 1359593325 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://lcy2543.natapp1.cc:80/j.ad

Attributes

access_type
512
host
lcy2543.natapp1.cc,/j.ad
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKZPmOOhXKNmdXeg01XPCYtK+OwxolAjxr283UNp7JEfOP87JMz+sf+LtH7GOMu+sl2wX68Tn5QDdYxyUqJu224/tfmao0HAHZ8z+J+tV1XT4IJPK7q9vT8iFUpU3ur2fO6YBep38jpeh53mx+uZF8UcXS4BCCjmimKxi38N2eZwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)
watermark
1359593325

Targets

- Target
  
  66b7c5f6cfbf3fc4e453ef026e373236.virus
- Size
  
  203KB
- MD5
  
  66b7c5f6cfbf3fc4e453ef026e373236
- SHA1
  
  963e4cc7b971b0058468f421a02c864f5652e0b0
- SHA256
  
  c8de3fb7db44459d1eb036d3921491201531cfc86bf821f1c2aca02301f0c0e1
- SHA512
  
  591c2134741cdaa699ad3c5e95c8c031f91e6a7baac241c9367a12d4772b57b3a2e675910122821923edfe06fa6d4ee57136848def4f398836f9c5f13f2a3b0e
- SSDEEP
  
  3072:PYaW8qUEflaASmkDs1oo8CUS5D+u73vqQ+z+F62hAxquMfgj5jdUg5e0:PFHEfoAaDQoo8CUwxTvhU+F66fgVj
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

1359593325cobaltstrike

behavioral1

behavioral2