General

  • Target

    326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682.zip

  • Size

    114KB

  • Sample

    241004-bpdrpawgnj

  • MD5

    2b564e961af64733fcf7994b5460dc08

  • SHA1

    5efc9a0fc058119c348484a4cecd3ad64a356cf5

  • SHA256

    3ac94f893934eb1f716a6f8abb1c55617735afd486fc10d664f88014d55b145a

  • SHA512

    b489297aecf4a19aba450daac706299f23c93d32cfe081b33a1107dce71ff9b7ef2b825ca4d093273918365a3d8518ba1de02d59839f4a0ed95c7fb913d15687

  • SSDEEP

    3072:iJ7pbipCkevl1UtSk5XlmvFM+pYzYKgXB4zEttRobCw8kS:iJ7pb+OUtt5XlB+pYzYKcBMECbCw8kS

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://154.12.20.247:801/IE9CompatViewList.xml

Attributes
  • access_type

    512

  • host

    154.12.20.247,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    801

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4MxqU7cj/ZCMxgVy3gtAtiIaVerwkGAt1UJQHKYdQnQU3R9xyaDM4mOW+Jt1KGMLbDzPvfPvet714+SXyUDRncZdH3TuAdUhBeDf9UKeG8V/D41i+OXhX3AhvhPE9g74FKypQDnUL9Wzd/Z5gZ2tKaL8LIIa+fLoyexxqVNXk1wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)

  • watermark

    391144938

Targets

    • Target

      326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682

    • Size

      220KB

    • MD5

      6895606f3e0f0f7aaac564acc04028b9

    • SHA1

      93b5ee3d77b9c5b4bb20725e6b2a2d802afc06ae

    • SHA256

      326c2485cb20c9fa7992c69f33ec7bfc00f2a8d441c7d47586c7cd49da2a3682

    • SHA512

      beade6909741721c5147be257f25ee9d1102cd2a049316eb7c186927c72ab149544e61217e4eee06b76a1cd90eef30e82dbc17231e9c806a5ea1982d580bd875

    • SSDEEP

      3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUH56WBS:MfsD4ktiD8UI8I66C+6AsXnifujg

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks