cobaltstrike

General

Target

f0643ab083d8a3905bd1551cf4d9e37c.exe
Size

1.9MB
Sample

201105-36knzybbs6
MD5

f0643ab083d8a3905bd1551cf4d9e37c
SHA1

cf62c0c2036ca9493a718910785a47a6ef27e1e9
SHA256

dc504935b4a0f6059ba40c20803c7cf22b5c3a5f0b20226e36003df979bcbd4a
SHA512

e446827fc5637a95b2154d08ef97555cf59a5a9f14a291a0cdecd5bdfc711f28ca1b68c93cc69bbbf1f24f0c0b8da2a313156af45969def717853eab86778681

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://backup-leader.com:443/image-directory/admin.png

Extracted

Family

cobaltstrike

C2

http://mn.backup-leader.com:443/nl

http://nm.backup-leader.com:443/nl

http://ws.backup-leader.com:443/gv

Attributes

access_type
512
beacon_type
2048
dns_idle
5.56470866e+08
dns_sleep
2.26492416e+09
host
mn.backup-leader.com,/nl,nm.backup-leader.com,/nl,ws.backup-leader.com,/gv
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACwAAAAMAAAACAAAAA2x1PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAMAAAADAAAAAgAAAAVjb3B5PQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
9984
maxdns
242
polling_time
64166
port_number
443
sc_process32
%windir%\syswow64\WUAUCLT.exe
sc_process64
%windir%\sysnative\WUAUCLT.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCV+EMFzgcTWtUwz7qH5kVvpPpxb4hdQlFHdXZjeNP784OU3cffIQSmKPly6yRwHPBxN5a3PEDE5c9Je4PLZgeYRqAZYZNZysu56NePpcXXLMoUBN3pRhF48a+fyV35EUltWSA9kmM9yTR7lF+ZvgoXnCHH1141/qw0CrvFtCrFoQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.43751424e+08
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/styles
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246

Targets

- Target
  
  f0643ab083d8a3905bd1551cf4d9e37c.exe
- Size
  
  1.9MB
- MD5
  
  f0643ab083d8a3905bd1551cf4d9e37c
- SHA1
  
  cf62c0c2036ca9493a718910785a47a6ef27e1e9
- SHA256
  
  dc504935b4a0f6059ba40c20803c7cf22b5c3a5f0b20226e36003df979bcbd4a
- SHA512
  
  e446827fc5637a95b2154d08ef97555cf59a5a9f14a291a0cdecd5bdfc711f28ca1b68c93cc69bbbf1f24f0c0b8da2a313156af45969def717853eab86778681
Score

10^/10

cobaltstrike metasploit backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MetaSploit

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2