Resubmissions

26-09-2024 14:46

240926-r5kg6ssfjp 10

General

  • Target: 02.08.20222.exe
  • Size: 203KB
  • Sample: 240926-r5kg6ssfjp
  • MD5: 0632a48101c8bf9a05266f50076ac9ea
  • SHA1: 732e0a5708fd0564722eeb36c4b7bd09c54acf96
  • SHA256: 04f032626f908c56269833e3d58fa23fb0e3d344e8c93b5e46120dfb91327e2c
  • SHA512: ae06efdafdf262102706883a785a8e5080ca6c90215ea3313c52c9b3c886fc736dece5c2d3b1799c204ae021007ee73a5a3aff38347dcfdbe67258957f817226
  • SSDEEP: 6144:r6R6CeYXV3wMo5iHtoRj7hh/DTy4xY6cgCDA3:r0xe23ToetoR3hh/Dff

Malware Config

Extracted

  • Family: cobaltstrike
  • Botnet: 1359593325
  • C2: http://43.140.200.250:20000/dot.gif

Attributes

  • access_type: 512
  • host: 43.140.200.250,/dot.gif
  • http_header1: AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  • http_header2: AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  • http_method1: GET
  • http_method2: POST
  • polling_time: 60000
  • port_number: 20000
  • sc_process32: %windir%\syswow64\rundll32.exe
  • sc_process64: %windir%\sysnative\rundll32.exe
  • state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQdtUYOrK+6jTU2exqJ5sM7JhhgRFOQP3GD6dqNOLX90e8ReapdGLIqOeawM4rSR2U7C6IBwI0SgjNEzVXCVnWmt9eVLpdVwq/rGdVZTFfcYJ6IdpJabTBIq5JdxfeIrMs2ZtllIIMxQsDN9RMGiStrS7IN95OzIMc1PE1XQSnKwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • unknown1: 4096
  • unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  • uri: /submit.php
  • user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)
  • watermark: 1359593325

Targets

    • Target: 02.08.20222.exe
    • Size: 203KB
    • MD5: 0632a48101c8bf9a05266f50076ac9ea
    • SHA1: 732e0a5708fd0564722eeb36c4b7bd09c54acf96
    • SHA256: 04f032626f908c56269833e3d58fa23fb0e3d344e8c93b5e46120dfb91327e2c
    • SHA512: ae06efdafdf262102706883a785a8e5080ca6c90215ea3313c52c9b3c886fc736dece5c2d3b1799c204ae021007ee73a5a3aff38347dcfdbe67258957f817226
    • SSDEEP: 6144:r6R6CeYXV3wMo5iHtoRj7hh/DTy4xY6cgCDA3:r0xe23ToetoR3hh/Dff

    Score: 1/10
