Resubmissions

  • 12-05-2021 09:09

    210512-ll8v73rjm6 (score 10/10)

  • 12-07-2020 13:12

    200712-aaxsfptbdx (score 10/10)

General

  • Target

    test_00690000.bin

  • Size

    204KB

  • Sample

    200712-aaxsfptbdx

  • MD5

    82401a076fce0af2b913f8c904d8c9e3

  • SHA1

    eadfb9becbe7b2e8dc9aaf1f09aac0276df4b2ec

  • SHA256

    84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be

  • SHA512

    8f53fc66a4413295e9b47878b8d4706d6115d308d91b2728656791e7c2ed38df29552dda5cd2537d71f81d17f3ba470e271a24e99d6b8ca8892a22daa3335bbe

Score
10/10

Malware Config

Extracted

  • Family

    cobaltstrike

  • C2

    http://reportsbank.com:443/about/main_title/xpattern/browse.php

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    reportsbank.com,/about/main_title/xpattern/browse.php

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAAAhQUkVGPUlEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAABJVPTc3OWI2NGUxYTdlZDczN2EAAAACAAAACFBSRUY9SUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • maxdns

    255

  • polling_time

    30000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnZJUJvpQVF6pohWRnN0wEc8/hbjW81vA2+/lDkMx6x67JTvJV+LsmoWuIafy1ihS8AK2/ndjilVaatWECz3xeUBLPh7S+8xA7uOOpiutTSRrtkPESpa4CZEYo5noKjF8k2lSViRZMo3K3bsW1ctxvFK+8Opp10B7SWdbGp4ZcxQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /contact/work_title/app/SFX.php

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
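The three base64 attributes http_header1, http_header2 and unknown2 are not literal headers: they are the beacon's Malleable C2 transform programs, the step lists that turn session metadata and task output into the HTTP request and the server reply back into data. The Python below is an added example written for this page, not code from the sandbox or from Cobalt Strike. It decodes the blobs exactly as listed above (trailing zero padding trimmed) and renders them as profile-style statements. The opcode names are the ones open-source config extractors (1768.py, CobaltStrikeParser) use, and the pairing follows the beacon config layout: http_method1/http_header1 belong to the GET transaction, whose URI is the path in the host value (/about/main_title/xpattern/browse.php), and http_method2/http_header2 to the POST transaction, whose URI is the uri value (/contact/work_title/app/SFX.php). The as_swapped_u16 helper is an added check for the byte-order caveat discussed after the code; the profile rendering is a readable reconstruction, not the original profile text.

```python
import base64
import struct

# Transform-step opcodes inside beacon config settings 11-13, with the names
# open-source extractors (1768.py, CobaltStrikeParser) assign to them.
OPCODES = {
    1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter",
    6: "header", 7: "build", 8: "netbios", 9: "const_parameter",
    10: "const_header", 11: "netbiosu", 12: "uri_append", 13: "base64url",
    14: "strrep", 15: "mask", 16: "const_host_header",
}
# Steps that carry one uint32-length-prefixed string argument.
ONE_STRING = {"append", "prepend", "parameter", "header",
              "const_parameter", "const_header", "const_host_header"}

def _lp_string(data: bytes, off: int):
    """Read a big-endian uint32 length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", data, off)
    return data[off + 4:off + 4 + n].decode("latin-1"), off + 4 + n

def decode_transform(b64: str) -> list:
    """Parse a base64 transform blob into [(step, argument), ...].
    Each step is a big-endian uint32 opcode; string steps carry one
    length-prefixed string, strrep two, build a uint32 selector
    (0 = metadata/id block, 1 = output block). Opcode 0 terminates."""
    data = base64.b64decode(b64)
    steps, off = [], 0
    while off + 4 <= len(data):
        (op,) = struct.unpack_from(">I", data, off)
        off += 4
        if op == 0:
            break
        if op not in OPCODES:          # unknown layout: record it and stop
            steps.append((f"unknown_{op}", None))
            break
        name = OPCODES[op]
        if name in ONE_STRING:
            arg, off = _lp_string(data, off)
        elif name == "strrep":
            s1, off = _lp_string(data, off)
            s2, off = _lp_string(data, off)
            arg = (s1, s2)
        elif name == "build":
            (arg,) = struct.unpack_from(">I", data, off)
            off += 4
        else:
            arg = None
        steps.append((name, arg))
    return steps

def to_profile(steps: list, block: str) -> str:
    """Render steps as profile-style statements for an http-get or http-post
    client block; literal headers come out as header "Name: value"."""
    first = "metadata" if block == "http-get" else "id"
    lines, inner = [], False
    for name, arg in steps:
        if name == "build":
            if inner:
                lines.append("}")
            lines.append(("output" if arg == 1 else first) + " {")
            inner = True
            continue
        ind = "  " if inner else ""
        if arg is None:
            lines.append(f"{ind}{name};")
        elif isinstance(arg, tuple):
            lines.append(f'{ind}{name} "{arg[0]}" "{arg[1]}";')
        else:
            lines.append(f'{ind}{name.replace("const_", "")} "{arg}";')
    if inner:
        lines.append("}")
    return "\n".join(lines)

def as_swapped_u16(v: int) -> int:
    """Reinterpret a 16-bit field with its bytes swapped (0x1400 -> 0x0014)."""
    return ((v & 0xFF) << 8) | ((v >> 8) & 0xFF)

# Values from the report above. http_header1 and http_header2 share their first
# 208 base64 characters (the three literal headers); zero padding is trimmed.
_HEADERS_B64 = (
    "AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlv"
    "bi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCov"
    "KjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1V"
    "UyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBn"
    "emlwLCBkZWZsYXRl"
)
HTTP_HEADER1 = _HEADERS_B64 + (
    "AAAABwAAAAAAAAAIAAAAAgAAAAhQUkVGPUlEPQAAAAYAAAAGQ29va2llAAAAAAAA")
HTTP_HEADER2 = _HEADERS_B64 + (
    "AAAABwAAAAAAAAAIAAAAAgAAABJVPTc3OWI2NGUxYTdlZDczN2EAAAACAAAACFBS"
    "RUY9SUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAQAAAAA")
UNKNOWN2 = "AAAABAAAAAAA"   # start of the 'unknown2' value: print, terminator

if __name__ == "__main__":
    for block, b64 in (("http-get", HTTP_HEADER1), ("http-post", HTTP_HEADER2)):
        print(f"{block} {{\n{to_profile(decode_transform(b64), block)}\n}}\n")
    print("unknown2:", decode_transform(UNKNOWN2), "| jitter 5120 ->",
          as_swapped_u16(5120), "| beacon_type 2048 ->", as_swapped_u16(2048))
```

Running it shows an http-get client block that sends the three literal Accept headers and carries the session metadata NetBIOS-encoded behind a Cookie: PREF=ID= prefix (styled like a Google PREF cookie), and an http-post block that uses the same cookie with an extra U=779b64e1a7ed737a prefix for the session id and returns task output unencoded (print). unknown2 decodes to a bare print step, so the server's GET response body is the raw encrypted task data with no transform. For detection, the headers are a stock Firefox Accept set matching the Firefox 68 user_agent above, so the cookie shape (PREF=ID= followed by a NetBIOS-encoded blob of lowercase a-p letters) is the more specific indicator than any header. Two further caveats on the listing: several 16-bit fields are exact multiples of 256 (beacon_type 2048 = 0x0800, jitter 5120 = 0x1400, access_type 512, unknown1 4096), which is what a big-endian short looks like when read little-endian; swapped they read 8, 20, 2 and 16, where 8 is the HTTPS beacon type and 20 a plausible jitter percentage, consistent with port 443 even though the C2 line above is printed with an http:// scheme. port_number and maxdns are shown correctly, so treat this as a likely extractor artefact to verify against the raw config rather than as established. Finally, state_machine is not a state machine: it begins with MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ, the DER prefix of a 1024-bit RSA SubjectPublicKeyInfo, i.e. the team server's public key with which the beacon encrypts its session metadata, followed by zero padding.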
