ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://103.108.193.24:443/g.pixel.

Database Entry

IOC ID: 294756
IOC: https://103.108.193.24:443/g.pixel
IOC Type: url
Threat Type: botnet_cc
Malware: Cobalt Strike
Malware alias: Agentemis, BEACON, CobaltStrike
Confidence Level: moderate (50%)
First seen: 2022-01-13 19:53:40 UTC
Last seen: never
UUID: 818f448f-74aa-11ec-8ab6-42010aa4000a
Reporter: @HarioMenkel
Reward: 10 credits from anonymous
Tags: CobaltStrike

[ Download URL of Beacon ]
https://103.108.193.24:443/
[ Extracted Beacon Config ]
BeaconType: ['HTTPS']
Port: 443
SleepTime: 60000
MaxGetSize: 1048576
Jitter: 0
MaxDNS: 255
PublicKey: b"0\x81\x9f0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x81\x8d\x000\x81\x89\x02\x81\x81\x00\x87F\x87'6\x81\xaa6\xa6\x0f=Y/\xff\xff_x \xbf\xe3\xa5\xa5\xa5\x19mlk\xcd\xadD=]_\xbe\xd8S=\xdf\xbd\xa8\x10\xae\xfb\xc0u\xd2*\xe0\xc9\x02q\x9e\x10\xb9#+\xe7\r\xa9N\xe3\x7f\xcb\xf8\xb0\xe0L\x91\x8e\xde\x1c\xac\xa7\xf5\xc2\x1c\x90\xf0\x17W\x9bXLhB,\x82\r\xb9\xa1\x9f\xa4}P\x1a\xfc\xac\xeah?*\x1d\x7fl5e\xbcS\x01LR\x19\x12\xa1*\xa3\x9fPGQ\xe2\x9d\xb5\xd6\x85\x86\xb7\xe5\x02\x03\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PublicKey_MD5: 038ce308f8d5c7f34f78c23f41a2fb6f
C2Server: 103.108.193.24,/g.pixel
UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)
HttpPostUri: /submit.php
Malleable_C2_Instructions: []
HttpGet_Metadata: {'ConstHeaders': [], 'ConstParams': [], 'Metadata': ['base64', 'header "Cookie"'], 'SessionId': [], 'Output': []}
HttpPost_Metadata: {'ConstHeaders': ['Content-Type: application/octet-stream'], 'ConstParams': [], 'Metadata': [], 'SessionId': ['parameter "id"'], 'Output': ['print']}
SpawnTo: b'`0[\x8e5\xfci?\x0f\x9fq\x18\xf2J\xc3\x90'
PipeName:
DNS_Idle: 0.0.0.0
DNS_Sleep: 0
SSH_Host: Not Found
SSH_Port: Not Found
SSH_Username: Not Found
SSH_Password_Plaintext: Not Found
SSH_Password_Pubkey: Not Found
SSH_Banner: Not Found
HttpGet_Verb: GET
HttpPost_Verb: POST
HttpPostChunk: 0
Spawnto_x86: %windir%\syswow64\rundll32.exe
Spawnto_x64: %windir%\sysnative\rundll32.exe
CryptoScheme: 0
Proxy_Config: Not Found
Proxy_User: Not Found
Proxy_Password: Not Found
Proxy_Behavior: Use IE settings
Watermark: 1873433027
bStageCleanup: False
bCFGCaution: False
KillDate: 0
bProcInject_StartRWX: True
bProcInject_UseRWX: True
bProcInject_MinAllocSize: 0
ProcInject_PrependAppend_x86: Empty
ProcInject_PrependAppend_x64: Empty
ProcInject_Execute: ['CreateThread', 'SetThreadContext', 'CreateRemoteThread', 'RtlCreateUserThread']
ProcInject_AllocationMethod: VirtualAllocEx
ProcInject_Stub: b'\xdat\x89\xd9\xf3\x03\xb6\xa5\xdb\xc4\x84\xfd\xf7\x87!\xd1'
bUsesCookies: True
HostHeader: Not Found
smbFrameHeader: Not Found
tcpFrameHeader: Not Found
headersToRemove: Not Found
DNS_Beaconing: Not Found
DNS_get_TypeA: Not Found
DNS_get_TypeAAAA: Not Found
DNS_get_TypeTXT: Not Found
DNS_put_metadata: Not Found
DNS_put_output: Not Found
DNS_resolver: Not Found
DNS_strategy: Not Found
DNS_strategy_rotate_seconds: Not Found
DNS_strategy_fail_x: Not Found
DNS_strategy_fail_seconds: Not Found