General

  • Target

    382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02

  • Size

    256KB

  • Sample

    241117-w2xesawbjf

  • MD5

    eab078c8c23870a5ac209540fbf88af8

  • SHA1

    62d5aa04008a682e98b197bf6b9cdc406eb500fc

  • SHA256

    382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02

  • SHA512

    9580ad470042b55dca606dbec5b74582bbeb7cbd37b20b1fc0eb7026216a9f2b6869788b0d09f70aad8dbdb66913a5a4a0f2f6f0c4b0c17714d1f7e5962bfd8e

  • SSDEEP

    3072:7c0nsHpyvGj346lbkBN/gp7j8aJGIhxjT3A8ygbLAZmitdGl59tQYJ1b/S1Pjz8C:7c0bPzIpf8ahTw8PHA8itQrQvvuE

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1

C2

http://182.92.201.45:62213/push

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    182.92.201.45,/push

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    62213

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmIejjtdo9X1DnPj9nlJ02adfABqyERWmpAINFzQaThpk6MIWJUVFfpwH1FlX33xdzXUQfiJF5aSGVfpiOQ7bEGBqBEJy6UTcFR1Xv6RyhCJxEYorYIXqDyGmyihonG3/fpDTYyJVvF471Qcem9OD5fq/zBhSKIvqlSOa1jjSGwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)

  • watermark

    1

Targets

    • Target

      382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02

    • Size

      256KB

    • MD5

      eab078c8c23870a5ac209540fbf88af8

    • SHA1

      62d5aa04008a682e98b197bf6b9cdc406eb500fc

    • SHA256

      382376c7e488d0c7868d4d7c663acc38c3754858946ed80160ad0a12b6b17a02

    • SHA512

      9580ad470042b55dca606dbec5b74582bbeb7cbd37b20b1fc0eb7026216a9f2b6869788b0d09f70aad8dbdb66913a5a4a0f2f6f0c4b0c17714d1f7e5962bfd8e

    • SSDEEP

      3072:7c0nsHpyvGj346lbkBN/gp7j8aJGIhxjT3A8ygbLAZmitdGl59tQYJ1b/S1Pjz8C:7c0bPzIpf8ahTw8PHA8itQrQvvuE

    Score
    1/10

MITRE ATT&CK Matrix

Tasks