cobaltstrike

General

Target

6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
Size

217KB
Sample

201111-ljb6qam122
MD5

e7ebefcc6c56d445c20cf78a466eda81
SHA1

ce454a6da14dbd35227d4a609c669cb0b886479a
SHA256

6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
SHA512

fe5267e07a10600e7060f8c5d687a515a2b2128f80f6cad3b19f50f800e2ea597798da165b7923a098f22ab7e1333a4352b1bc5ecffccd46daa3654f4f907e7c

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://universalec.com.zclngty.club:443/owa/

Attributes

access_type
512
beacon_type
2048
dns_idle
1.34744072e+08
host
universalec.com.zclngty.club,/owa/
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAACGQ29va2llOiBNaWNyb3NvZnRBcHBsaWNhdGlvbnNUZWxlbWV0cnlEZXZpY2VJZD05NWMxOGQ4LTRkY2U5ODU0O0NsaWVudElkPTFDMEY2QzVEOTEwRjk7TVNQQXV0aD0zRWtBakRLakk7eGlkPTczMGJmNzt3bGE0Mj1aRzB5TXpBMktqRXMAAAAHAAAAAAAAAA0AAAAFAAAAAndhAAAACQAAAA5wYXRoPS9jYWxlbmRhcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAACd2EAAAAHAAAAAAAAAA0AAAACAAAABndsYTQyPQAAAAIAAAALeGlkPTczMGJmNzsAAAACAAAAEk1TUEF1dGg9M0VrQWpES2pJOwAAAAIAAAAXQ2xpZW50SWQ9MUMwRjZDNUQ5MTBGOTsAAAACAAAAOE1pY3Jvc29mdEFwcGxpY2F0aW9uc1RlbGVtZXRyeURldmljZUlkPTk1YzE4ZDgtNGRjZTk4NTQ7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
GET
jitter
5120
maxdns
235
polling_time
30000
port_number
443
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaFjt+ur8edBaOugmVauUhoZuRl/X1csJ4aa5HNiVVxH+nj+tljmiIaj9JYw+dX02sXg+KraYAGaR0XRIJC7Fac+g4z8+Gce7dZTFpyQgtgE/ktBZsYlweECSXVPa7mUrUvLv9bjnn4x5woeJ388rAWdOpz5PPuFV1o0cIA+/7xwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/OWA/
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

Targets

- Target
  
  6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
- Size
  
  217KB
- MD5
  
  e7ebefcc6c56d445c20cf78a466eda81
- SHA1
  
  ce454a6da14dbd35227d4a609c669cb0b886479a
- SHA256
  
  6c42cf467d6bf3aad0153d81f925aaa0f06828781f0cd056e03ca8f5171e40fe
- SHA512
  
  fe5267e07a10600e7060f8c5d687a515a2b2128f80f6cad3b19f50f800e2ea597798da165b7923a098f22ab7e1333a4352b1bc5ecffccd46daa3654f4f907e7c
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2