cobaltstrike

General

Target

46348dc4001604b1bede4d700753b14db705fa4d308cbae0525aab5f1b8ed532
Size

204KB
Sample

201110-22c3gm5pk6
MD5

ebe5044ff40edaead04ad0e25cf564b3
SHA1

ecb30800102dff8a407755978994fc2f96d7c0bb
SHA256

46348dc4001604b1bede4d700753b14db705fa4d308cbae0525aab5f1b8ed532
SHA512

829cead392877ee226cd3ff235488ed6f5850083c8d1b85aaac0345e091589ac78a47ec1d4bf3e8c0930d70d10e8b98e14807da176509fc1efceb1152e72e606

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://31.44.184.48:80/j.ad

Attributes

access_type
512
host
31.44.184.48,/j.ad
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCT42RZXDkOt4TBaANg7RggQbQZgKIt9JoHuhWGb5HcZdWd3ZmoqFQuFJ53NsjMvGrDkwxGokAV2GaGhCCb1GHK1NigI6uBcokE6seiXhny94nDmEEu4EEdYyFgLrsswJ04NA8tnIQD11iUz7XxzwocHN1161Yj66YCBK61DUomQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)

Targets

- Target
  
  46348dc4001604b1bede4d700753b14db705fa4d308cbae0525aab5f1b8ed532
- Size
  
  204KB
- MD5
  
  ebe5044ff40edaead04ad0e25cf564b3
- SHA1
  
  ecb30800102dff8a407755978994fc2f96d7c0bb
- SHA256
  
  46348dc4001604b1bede4d700753b14db705fa4d308cbae0525aab5f1b8ed532
- SHA512
  
  829cead392877ee226cd3ff235488ed6f5850083c8d1b85aaac0345e091589ac78a47ec1d4bf3e8c0930d70d10e8b98e14807da176509fc1efceb1152e72e606
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

ServiceHost packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2