General

  • Target

    69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0

  • Size

    2.4MB

  • Sample

    241010-mbc4satdng

  • MD5

    1427042cd3d8717890ad16095005c285

  • SHA1

    03df1f7ed0c331748411575b89fc33d2206b1c13

  • SHA256

    69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0

  • SHA512

    5b0f8bab90fd3f9573a7c161b29731fd73c4128bf88ff799678a0a37d2b88dd373c1e1fe10e1c566be7436f4318e0bdb2a83cf1e9380b56f57d8359a4c4bc9db

  • SSDEEP

    24576:7IG3ZA3L4hu5HIjxg6jlJvGr1Xso5KYD0Kw1WoZDFBdkHOiPjpciHTg6BqLmeP:5pA3L4BjBONYYD0VooJFpiPeQZqLm0

Malware Config

Extracted

Family

cobaltstrike

C2

http://www.googleadservices.org:443/js/bg/li4oWrWOYuSi4ELfacFsfzG-VVTxEzGn5pW4NOt_Yvw.js

Attributes
  • user_agent

    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Host: www.googleadservices.org
    Referer: https://www.google.com/
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7aa.

Extracted

Family

cobaltstrike

Botnet

1

C2

http://www.googleadservices.org:443/pagead/conversion/16521530460

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    www.googleadservices.org,/pagead/conversion/16521530460

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    45000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzt2smKL0MiHpXUwbBIEeovNMKBAQ5l1zjb7CONIOT8icsvZ184SeyzNF/wWZnltrw8wchIdj94xGmQ3r34btCCI4wEPcruDXKKeigWb/OhH6mDtlb6OgwlijRkBxM6nKjpgG8gxMd1VclVxICUczRmnxvYlp2nsPeENhgK11LOwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.58888448e+08

  • unknown2

    AAAABAAAAAEAAAL+AAAAAgAAAcIAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /pagead/p3p_full_policy.xml

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7aa.

  • watermark

    1

Targets

MITRE ATT&CK Matrix

Tasks