cobaltstrike | 2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936

Sharing

Copy URL

Twitter E-mail

General

Target

2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
Size

259KB
Sample

240628-3cy1msvdnc
MD5

4157451d1de7e506e623de93f1d2d3cb
SHA1

2d2bf3a09bb1fa82ac34f007f11d96e4e0ebf7cd
SHA256

2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
SHA512

c90478d1ddf05e83d72215b9738e19944999463c32778f5928fafddecf7524ac50f28eaebe59726bd559c1d9365e719cdaca1f984b09d6ffed5dacbc47b82095
SSDEEP

6144:fJqVG5d1IpMyibgkTZI6jHID90a2YBX0H/:f3d6tevoxGYBXC

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

http://api.chinaunion.info:443/api/v1/docs/

Attributes

access_type
512
beacon_type
2048
host
api.chinaunion.info,/api/v1/docs/
http_header1
AAAAEAAAABlIb3N0OiBhcGkuY2hpbmF1bmlvbi5pbmZvAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAADd1bmlvbi1hY2Nlc3MtaWQ6IGFndUVBVWhQUVVwWWZ5OEY3Z21pWWVKNFlQN0NnbmtaR0REMnEyAAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABlIb3N0OiBhcGkuY2hpbmF1bmlvbi5pbmZvAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAADd1bmlvbi1hY2Nlc3MtaWQ6IGFndUVBVWhQUVVwWWZ5OEY3Z21pWWVKNFlQN0NnbmtaR0REMnEyAAAABwAAAAAAAAAPAAAACwAAAAUAAAADZG9jAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
1792
polling_time
3000
port_number
443
sc_process32
c:\windows\syswow64\rundll32.exe
sc_process64
c:\windows\system32\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD1mDZ2ZPxwbho+hOwVBJrszDhjE2lA5JLkhjRcrxhNaL/OflmaEDgX7jPHtvXeNkARWCqLVW0EX3+0IE2gon6DUxtwTpbFxIhVplMrIcM4jOXPZ6cQBdweuqvHWh8zsbd29B11vEA+Vblgd6A3y7AQMy1P0jArjEUGjmDErUlIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.51666432e+08
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/v1/user/
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; meiqia/7.0; rv:11.0) like Gecko
watermark
100000

Targets

- Target
  
  2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
- Size
  
  259KB
- MD5
  
  4157451d1de7e506e623de93f1d2d3cb
- SHA1
  
  2d2bf3a09bb1fa82ac34f007f11d96e4e0ebf7cd
- SHA256
  
  2a50f3aeb2459354e70ba6eb61bebbfbe09a2b0d24180910cdfa3a6b1140d936
- SHA512
  
  c90478d1ddf05e83d72215b9738e19944999463c32778f5928fafddecf7524ac50f28eaebe59726bd559c1d9365e719cdaca1f984b09d6ffed5dacbc47b82095
- SSDEEP
  
  6144:fJqVG5d1IpMyibgkTZI6jHID90a2YBX0H/:f3d6tevoxGYBXC
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2