General

  • Target

    604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6.zip

  • Size

    130KB

  • Sample

    241005-b9zjwssgnb

  • MD5

    d4108d0bd023a1acdfa6337d71c6089c

  • SHA1

    4d5acd3a46e36b7f2af280ef39125acb8451fe42

  • SHA256

    760622f99306688b6400a9477d2286a8c009d7bcbde012b9657c9e85a1bff329

  • SHA512

    c75229934e17ef3a67fbe15298724acbe6d25942c34194cca9dbe883f7228d0ebf6c6a222ff7123ac14ed3f62f51d88960651013af9099fe38be5a6eed2dfbee

  • SSDEEP

    3072:YrOjUYO5oZbGfRgmwn/CJgPhIw6Vvxk+5RSRQg37ex5wL0q:YrOlOGEPLJgZ0vxk+zcQ4Lf

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://10.107.200.22:8899/en_US/all.js

Attributes
  • access_type

    512

  • host

    10.107.200.22,/en_US/all.js

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8899

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCalhSnEGN0cKKJ3tE0i/ug7JpdKoSdL8LxY6i+VlRvC+hVxbJCkAZku1+PT/4UmT62lytmdE3/bwI1sf3/nJ4KXPrSgvCd3zuTwM911Ka1QaBH4LCRsg/0gJKGR3RWCGEgbv2zY3E7spsBASlmMdT3okBfKsPy0ljcpQsoHstlQwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)

  • watermark

    391144938

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Targets

    • Target

      604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6

    • Size

      272KB

    • MD5

      af878c8740abffe1a8cd52a484a297d3

    • SHA1

      485586e13b2ff5a1f7c52fd1e52cee4799989326

    • SHA256

      604669f454d2c12eb0493863187628c959ae5e6d5ff205cca5b121faba0a75a6

    • SHA512

      6d4f351e728cd528313362afbf306cde7a8ed8754e417531801641c2722e783243ac0f5d31edb1763f9e840ad0d5e1d3fd7097f5ac0188ae7fc2affa48fb1289

    • SSDEEP

      3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zoGIkfhUYJF6vzHkm:rzbUWootfDCvT4ZTXzCLTIk5UDhrKM

MITRE ATT&CK Matrix

Tasks