Overview

overview

10

Static

static

10

868d4932a9...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    868d4932a9ecfeef12752a9886c0a79e3247c5c24f10db877557699a7a640129

  • Size

    379KB

  • Sample

    250407-v41pjsyn13

  • MD5

    9aaca3c11328fcfb9db17637fdf9806a

  • SHA1

    47cd13962f4281a813da96266c8c8df1c96c71db

  • SHA256

    868d4932a9ecfeef12752a9886c0a79e3247c5c24f10db877557699a7a640129

  • SHA512

    9ab3d9a593a4cc3a11e33da233aee6c95f27032fa1548b7a4ffed2d52edccbc2b2a145cddcd56557dd8ddee99b01b23499feff9f120704557a806f9af050c48b

  • SSDEEP

    6144:R14roJqVG5d1IpMyibgkTZI6jHID90aVBX4H/T:0ro3d6tevoxlBX+

Score
10/10
cobaltstrike100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.168.138.137:100/__utm.gif

Attributes
  • access_type

    512

  • host

    192.168.138.137,/__utm.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    100

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZhtFsPp0BFIbpHBfDeEBgqalPmpqO3i5bxPD9bGMv7/JbvaUXdb7M4mODSwcsMoUQJxkWzdCcEl8cHuOIlbiH+yALjZU441S/D2aVUKzIHamg6gok51JzGbwEn+nGd/iHX9rW7AWnWk9HGsttBJBjIjNr+/iAmjqW5gj89O2TxwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)

  • watermark

    100000

Targets

    • Target

      868d4932a9ecfeef12752a9886c0a79e3247c5c24f10db877557699a7a640129

    • Size

      379KB

    • MD5

      9aaca3c11328fcfb9db17637fdf9806a

    • SHA1

      47cd13962f4281a813da96266c8c8df1c96c71db

    • SHA256

      868d4932a9ecfeef12752a9886c0a79e3247c5c24f10db877557699a7a640129

    • SHA512

      9ab3d9a593a4cc3a11e33da233aee6c95f27032fa1548b7a4ffed2d52edccbc2b2a145cddcd56557dd8ddee99b01b23499feff9f120704557a806f9af050c48b

    • SSDEEP

      6144:R14roJqVG5d1IpMyibgkTZI6jHID90aVBX4H/T:0ro3d6tevoxlBX+

    Score
    10/10
    cobaltstrike100000backdoortrojan
    behavioral1

MITRE ATT&CK Matrix

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.