cobaltstrike | f1cfb995e61a9bb62849f91a45a177e26525812b27dce16c69b49585c851565d | Triage

Sharing

General

Target

f1cfb995e61a9bb62849f91a45a177e26525812b27dce16c69b49585c851565d
Size

110KB
Sample

240918-js7sya1brk
MD5

186d269a25243a134a4e9ee3b7ffda61
SHA1

529643f036ed6c7e82984412bca689ead081be4b
SHA256

f1cfb995e61a9bb62849f91a45a177e26525812b27dce16c69b49585c851565d
SHA512

9d0bbf98a7ab6f9c7dc41c45e1b40d939744bb1b0e90cea8e0e5c78fdf982da7731d525fdb0dbfd712374321e0c25c3bfe67620e4148c8004432e9559c2f7828
SSDEEP

3072:/R4xuWci49uVXSqpLXsaPpp6lBtPnnCfxMxOVP7g:/RIceSqVc6z6BnGPVTg

Score

10^/10

cobaltstrike 0 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://192.168.43.212:80/load

Attributes

access_type
512
host
192.168.43.212,/load
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfyIaYVGz4I+W4YYrVlqNtuEf2t0+KG6kGX4vBNgsquvkAXHvtwpla6qR6vkBb8An7qWcC41QXJ9M4S/iA/uHvrLDBPmkpBeUxWqULNt3eWL8uTWUZBJ8Lx0CrRF/qLED+325Mo7USf1pQ9Kkx4tsIlZsIPNYJ7aB/1Wm5lWShswIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)
watermark
0

Targets

- Target
  
  f868304f1578791e42b652accdc30440898d3301450863956d5a9e37e1f36b04
- Size
  
  204KB
- MD5
  
  3a3a5cbfeaadd0bdc0a826a353df177d
- SHA1
  
  6bf501d35c5e306bbc0b6fd0e2212f4223aab392
- SHA256
  
  f868304f1578791e42b652accdc30440898d3301450863956d5a9e37e1f36b04
- SHA512
  
  da91b676de93ac02f3d76cde0357322094a95c69f2a8dade24b9da332608f4433b9bf7233bf45e7866f28be8011fa21de149f008f7e26c686d185fa2bad8eab3
- SSDEEP
  
  3072:CdiFtjEf4gkF6YIc9k8zD9+YMU/cJUO2pmXoD3xFjtU/I549Iz:tJEf1kIYVj1+7U/lbD37jiv
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2