cobaltstrike

General

Target

296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
Size

282KB
Sample

201112-qbhqlvxyfj
MD5

94cb48712e3f5c9b475b5eab670fbdb7
SHA1

525aa85d56b4d6bbc732891f90ce6bf97b17f635
SHA256

296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
SHA512

03c4a035f16822b670e57f0e1b2cdb1a1bc325e35626167eda0501551e95e8cb707d105a4702eb8e06988ea09f7a343dc5712673d7aba4e66409c4f399b28612

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://xnjscdn.com:443/508/extra.html

Attributes

access_type
512
beacon_type
2048
create_remote_thread
768
dns_idle
1.34744072e+08
dns_sleep
1.17440512e+09
host
xnjscdn.com,/508/extra.html
http_header1
AAAABwAAAAAAAAANAAAABQAAAAZjcmVhdGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAABwAAAAAAAAADAAAAAgAAAAZ0b2tlbj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3840
maxdns
231
pipe_name
\\%s\pipe\tjpw_#
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\conhost.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMBvwSPImgtlkCMnPyQog7xlp5Ci5OFj2Hyb/B4I+tm2QqqS28DK8DSSShrUwHZA2fOmY4Wc5PkS9XW/6gEWFJNWnZPjPBtJ0DNNOwvhvAvR4Rfvx3O2sh1mwpoHwO8rZLcyHK2SLhoLq1P2mP8z4ZjUoxgurSzN94Is5QKxGLbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/typo/contacto.htm
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36

Targets

- Target
  
  296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
- Size
  
  282KB
- MD5
  
  94cb48712e3f5c9b475b5eab670fbdb7
- SHA1
  
  525aa85d56b4d6bbc732891f90ce6bf97b17f635
- SHA256
  
  296f5b56d7166919f725ed5f2899a72bb9b1500d0ed1fa44c32c6621c436cd4c
- SHA512
  
  03c4a035f16822b670e57f0e1b2cdb1a1bc325e35626167eda0501551e95e8cb707d105a4702eb8e06988ea09f7a343dc5712673d7aba4e66409c4f399b28612
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2