cobaltstrike | 72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4

Sharing

Copy URL

Twitter E-mail

General

Target

72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
Size

208KB
Sample

240628-ctzemayeqr
MD5

34694bac391a72ad99777a96da2ab884
SHA1

ffdf6a7d932527fa1885148ed8e40831f4ffc207
SHA256

72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
SHA512

bca6ff1b89ffe004d0d3d7488f5a3ede47acacf446527b06d4a449388b29e110363685d0489a8bd8092a41bd7764c1483371adac1be786c8f816fe8db743d5e9
SSDEEP

3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUJKY5H:cIDff9D8C6XYRw6MT2DEjK

Score

10^/10

cobaltstrike 100000

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

http://api.chinaunion.info:443/api/v1/docs/

Attributes

access_type
512
beacon_type
2048
host
api.chinaunion.info,/api/v1/docs/
http_header1
AAAAEAAAABlIb3N0OiBhcGkuY2hpbmF1bmlvbi5pbmZvAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAADd1bmlvbi1hY2Nlc3MtaWQ6IGFndUVBVWhQUVVwWWZ5OEY3Z21pWWVKNFlQN0NnbmtaR0REMnEyAAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABlIb3N0OiBhcGkuY2hpbmF1bmlvbi5pbmZvAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAADd1bmlvbi1hY2Nlc3MtaWQ6IGFndUVBVWhQUVVwWWZ5OEY3Z21pWWVKNFlQN0NnbmtaR0REMnEyAAAABwAAAAAAAAAPAAAACwAAAAUAAAADZG9jAAAABwAAAAEAAAAPAAAADQAAAAIAAAAFZGF0YT0AAAABAAAAAiUlAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
1792
polling_time
3000
port_number
443
sc_process32
c:\windows\syswow64\rundll32.exe
sc_process64
c:\windows\system32\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD1mDZ2ZPxwbho+hOwVBJrszDhjE2lA5JLkhjRcrxhNaL/OflmaEDgX7jPHtvXeNkARWCqLVW0EX3+0IE2gon6DUxtwTpbFxIhVplMrIcM4jOXPZ6cQBdweuqvHWh8zsbd29B11vEA+Vblgd6A3y7AQMy1P0jArjEUGjmDErUlIQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.51666432e+08
unknown2
AAAABAAAAAEAAAACAAAAAgAAAAUAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/v1/user/
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; meiqia/7.0; rv:11.0) like Gecko
watermark
100000

Targets

- Target
  
  72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
- Size
  
  208KB
- MD5
  
  34694bac391a72ad99777a96da2ab884
- SHA1
  
  ffdf6a7d932527fa1885148ed8e40831f4ffc207
- SHA256
  
  72c018224ed1dfabeb9648b75aa38e1d539af0a578258943f75baea71deb45e4
- SHA512
  
  bca6ff1b89ffe004d0d3d7488f5a3ede47acacf446527b06d4a449388b29e110363685d0489a8bd8092a41bd7764c1483371adac1be786c8f816fe8db743d5e9
- SSDEEP
  
  3072:cI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUJKY5H:cIDff9D8C6XYRw6MT2DEjK
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2