General

  • Target

    caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581

  • Size

    218KB

  • Sample

    241011-g2atfsygkd

  • MD5

    29ebea8557f8d35c0cf947e77c0f88aa

  • SHA1

    e29aceed0b9389ef271c125ddec8c5c6e3071316

  • SHA256

    caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581

  • SHA512

    b0d0611f188e8acfe11c7c9051cd79c17b5fa076240d05a3cf1b11d5fef460a4abe6a564dd615c31a7ae7a25d53f517ad3e79eb870994e9e2d315046694d9349

  • SSDEEP

    3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUD5QCBS:MfsD4ktiD8UI8I66C+6AsXnifuji

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://129.211.219.207:443/pixel

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    129.211.219.207,/pixel

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2M3Ui4C//kt/lrDXG0n8RMT5aI51HVsAkcXIHAy6AJ2o1u08O4iZFKE9C/LNOnepLyf7yoawFKF0KIsMFucP1SV0/IwNSESqmx0IUezPQ5Yy+g5vPfsnBV3n7Hx810qfUj6umeHheZ9XH1PutMM1t+1+IDey+slsAdzw8RkSeqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)

  • watermark

    391144938

Targets

    • Target

      caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581

    • Size

      218KB

    • MD5

      29ebea8557f8d35c0cf947e77c0f88aa

    • SHA1

      e29aceed0b9389ef271c125ddec8c5c6e3071316

    • SHA256

      caf3695d2a2813b2663486cf0886b360850ccecd22bb281b98f226bbe2ad3581

    • SHA512

      b0d0611f188e8acfe11c7c9051cd79c17b5fa076240d05a3cf1b11d5fef460a4abe6a564dd615c31a7ae7a25d53f517ad3e79eb870994e9e2d315046694d9349

    • SSDEEP

      3072:MfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUD5QCBS:MfsD4ktiD8UI8I66C+6AsXnifuji

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks