cobaltstrike | 000510235af88211cab033096f5607adfecd39ec459e764aad8415223e2c9247

Analysis

max time kernel
125s
max time network
135s
platform
windows10_x64
resource
win10v20201028
submitted
12-11-2020 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d3c1112af9c8a083c4b1806b13995ff.exe
Size

132KB
MD5

4d3c1112af9c8a083c4b1806b13995ff
SHA1

872d6e5e5d295899fcb19c55ceb0bb2cd5a8e263
SHA256

000510235af88211cab033096f5607adfecd39ec459e764aad8415223e2c9247
SHA512

d527d2de41f815672e327e905716bd978f3afc746d0e2a39b7332af891401e8311b5c23659f30f18b502ea86bc2f681b2a586692fd2f89eec9ccc5dc5a5ec809

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

http://217.12.218.250:443/questions/32251816/c-sharp-directives-compilation-error

Attributes

access_type
512
beacon_type
2048
create_remote_thread
0
day
0
dns_idle
1.34744072e+08
dns_sleep
0
host
217.12.218.250,/questions/32251816/c-sharp-directives-compilation-error
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAcAAAAAAAAACAAAAAIAAAAFcHJvdj0AAAABAAAADjtub3RpY2UtY3R0PSExAAAAAQAAAA87X2dhPUdBMS4yLjk5MjQAAAABAAAABztfZ2F0PTEAAAABAAAAEDtfX3FjYT1QMC0yMTQ0NTkAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBlbgAAAAcAAAABAAAACAAAAAIAAAAFcHJvdj0AAAABAAAADjtub3RpY2UtY3R0PSExAAAAAQAAAA87X2dhPUdBMS4yLjk5MjQAAAABAAAABztfZ2F0PTEAAAABAAAAEDtfX3FjYT1QMC0yMTQ0NTkAAAAGAAAABkNvb2tpZQAAAAcAAAAAAAAADQAAAAUAAAAJYW5zd2VydGFiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
GET
injection_process
jitter
5632
maxdns
245
month
0
pipe_name
polling_time
35000
port_number
443
proxy_password
proxy_server
proxy_username
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCT42RZXDkOt4TBaANg7RggQbQZgKIt9JoHuhWGb5HcZdWd3ZmoqFQuFJ53NsjMvGrDkwxGokAV2GaGhCCb1GHK1NigI6uBcokE6seiXhny94nDmEEu4EEdYyFgLrsswJ04NA8tnIQD11iUz7XxzwocHN1161Yj66YCBK61DUomQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.445232896e+09
unknown2
AAAABAAAAAEAAAQ/AAAAAgAAABEAAAACAAAATgAAAAIAAAAHAAAAAgAAAHMAAAACAAAAXgAAAAIAAAABAAAADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
unknown4
0
unknown5
2.018915346e+09
uri
/questions/32251817/c-sharp-directives-compilation-error
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
year
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\4d3c1112af9c8a083c4b1806b13995ff.exe
"C:\Users\Admin\AppData\Local\Temp\4d3c1112af9c8a083c4b1806b13995ff.exe"
1⤵
PID:508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/508-0-0x0000000003060000-0x000000000309D000-memory.dmp

Filesize
244KB

Download
memory/508-1-0x0000000003060000-0x000000000309D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads