cobaltstrike

General

Target

46693e0208c7bacac357ec9a2d0e84f7.exe
Size

1.9MB
Sample

201105-bt1apb9wx2
MD5

46693e0208c7bacac357ec9a2d0e84f7
SHA1

36ea5100df30506ba8972bf2782772ffa19f2224
SHA256

fb780f623a78c9b5aa8a279430731b84d0efe937ea5684f80182e4f896e8e288
SHA512

0d4fd6a48d9e304a6c8f2d473da695ecf5a5820c22e104bbb45319cc4fea299810cc62f6216e4dcd9d1610dde496e3714f73a64097c5cc8da2be5c07e534ee10

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://bakcup-monster.com:443/static-directory/ro.png

Extracted

Family

cobaltstrike

C2

http://mn.bakcup-monster.com:443/remove

http://nm.bakcup-monster.com:443/remove

http://ws.bakcup-monster.com:443/remove

Attributes

access_type
512
beacon_type
2048
dns_idle
3.731859462e+09
dns_sleep
2.5165824e+09
host
mn.bakcup-monster.com,/remove,nm.bakcup-monster.com,/remove,ws.bakcup-monster.com,/remove
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAACgAAABNBY2NlcHQtRW5jb2Rpbmc6IGJyAAAABwAAAAAAAAADAAAAAwAAAAIAAAAMcmVnX2ZiX2dhdGU9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAADwAAAAMAAAACAAAAB1dQTEFORz0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
9984
maxdns
247
polling_time
57861
port_number
443
sc_process32
%windir%\syswow64\regsvr32.exe
sc_process64
%windir%\sysnative\regsvr32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNPfWcRLa4mEhhiLv4fEPpvSNkabkgwAzQ+wUb8SfETsaN7aUTlm6sPu9BfmOdcdLlFP729nwzyEo4oaCuskBe28G/g5Mf76yNI/7eZEWHlfwU0nsVWO/XPek7XqyWJAmfTjn80TsQhEoZvvlQ7iiJRxpWn/YkOZQbEKlUtehNQQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
5.10860288e+08
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/jp
user_agent
Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Targets

- Target
  
  46693e0208c7bacac357ec9a2d0e84f7.exe
- Size
  
  1.9MB
- MD5
  
  46693e0208c7bacac357ec9a2d0e84f7
- SHA1
  
  36ea5100df30506ba8972bf2782772ffa19f2224
- SHA256
  
  fb780f623a78c9b5aa8a279430731b84d0efe937ea5684f80182e4f896e8e288
- SHA512
  
  0d4fd6a48d9e304a6c8f2d473da695ecf5a5820c22e104bbb45319cc4fea299810cc62f6216e4dcd9d1610dde496e3714f73a64097c5cc8da2be5c07e534ee10
Score

10^/10

cobaltstrike metasploit backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MetaSploit

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2