General

  • Target

    9b58eafbe0c566cc3be67e6cc902d9f9806581a16c593a56d9e7f8ee6cec056cN

  • Size

    289KB

  • Sample

    240926-ysff1svhnr

  • MD5

    c66f003401f2c0fef2aaa9ff46172f60

  • SHA1

    9888d5bf1721ad132dd049fe17440ccf43640228

  • SHA256

    9b58eafbe0c566cc3be67e6cc902d9f9806581a16c593a56d9e7f8ee6cec056c

  • SHA512

    29ca3a218fc9143595ff08304e4ec0befe387b15ccf85af4c76db99a7d4cbefcc513a5b82e33d828075598ebcf273adf5f48f62176792b83e1d9d2e9c6ad92ab

  • SSDEEP

    6144:g8n7HmAjEfU52nKtv+1tu/CZDnTcBcRW0rn03kUIFRCk:g87HTjEfU52Ktv+G/CBZR/0UUIyk

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    391144938

  • C2

    http://121.40.55.28:8088/cm

Attributes

  • access_type

    512

  • host

    121.40.55.28,/cm

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8088

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCZ5wRHzqaDNuwjIXlaYz8honzSfl1vbbfUCVAGMNQToqYu7oQZ2gG0NMSMSbbOrlDpe3nmmD4MNZrRF6Afr2A61dH9xo6Fwk8Yx2TDcJkLEXj7lQhOjfd/CrX4z1MO0C5mg6cPoy5mtSts8o7EoXQzYSxwt7ZI9Cil7gzLUKiEwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)

  • watermark

    391144938
