Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    download.dat

  • Size

    255KB

  • Sample

    240920-t719tawflf

  • MD5

    b891973576a20bd786cc5144152dd89b

  • SHA1

    76e90bda364d331f592d3d318e645446d4a74cc6

  • SHA256

    fe143d2a4e74094c076bd72bd144ee1cfb4764bb62545a252113bff470011123

  • SHA512

    5e0068152615b2ad9ce5afd3a09013346c2aa27a38bfef505366aa5635729b1e21a2a6ffb238122347eed875fb5c4bc56aaadf3ea61f86e22ab3c544dd398f37

  • SSDEEP

    6144:ROre8kPd0EQIp1s4/q3C1BIAFzm50xJKoQGX:RWIPd0ENbsEq3C1BHFq5CKoQ

Score
10/10
cobaltstrike305419776

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419776

C2

http://aicsoftware.com:757/templates

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    aicsoftware.com,/templates

  • http_header1

    AAAAEAAAABVIb3N0OiBhaWNzb2Z0d2FyZS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAANAAAAAwAAAAIAAAAUd29yZHByZXNzX2xvZ2dlZF9pbj0AAAAGAAAABkNvb2tpZQAAAAkAAAAJbWFyaz10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABVIb3N0OiBhaWNzb2Z0d2FyZS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACwAAAAMAAAACAAAABHllcz0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    62518

  • port_number

    757

  • sc_process32

    %windir%\syswow64\regsvr32.exe

  • sc_process64

    %windir%\sysnative\regsvr32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTgLGIvbpnfCb/itwv1b3pfVlfzKp7OJvlLCx21brRU3EF8QXjMD8Dsp5t0wZjZ8WRRiSfkU5KoY2ARexF3Jbd3W4O243q1gdj3t6aphyIIcgEX3MUWC71J7gZH+DIMf/LdVZFh76Oz1bPk4lz8s723kIunh59yajMHMUgrsM3HQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    5.44480256e+08

  • unknown2

    AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /favicon

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

  • watermark

    305419776

Targets

    Tasks