cobaltstrike

General

Target

36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
Size

217KB
Sample

201113-qe5njlq7y6
MD5

d920230acdc464d60e0448494ca51cdb
SHA1

89e02ba5ed35daefcc464ed29a15108224f938a7
SHA256

36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
SHA512

6e68d62c4c89a0378b9e968c68061e2f98d26181bfcd957d3ce5f1590166ec58c0cbbdd112636705c6fae83de23e2604c94cad3e4ccf9695188a5c178f8817b4

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://mn.service1updater.com:443/as

http://nm.service1updater.com:443/as

http://rf.service1updater.com:443/as

Attributes

access_type
512
beacon_type
2048
dns_idle
4.25748544e+08
dns_sleep
1.879048192e+09
host
mn.service1updater.com,/as,nm.service1updater.com,/as,rf.service1updater.com,/as
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAASQWNjZXB0OiBpbWFnZS9qcGVnAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTAAAABwAAAAAAAAADAAAAAwAAAAIAAAAMcmVnX2ZiX2dhdGU9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAIAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
9472
maxdns
246
polling_time
57490
port_number
443
sc_process32
%windir%\syswow64\WUAUCLT.exe
sc_process64
%windir%\sysnative\WUAUCLT.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+Brgt7qpJEDFlNzRXJ3U32Ai83RELHU2iauyt2G61YyzSjF9redov1RZwDiiGhTExKympX6Tf1sfYD8kZ9R641I12Y4PPHQ479FNccYmQJUYFPO/DX6451dGK34TGi+dE1B+9nOAiBtR6pXZnv0duYZBd4xvYjY9LgmAgPO0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.272630272e+09
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/dz
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Targets

- Target
  
  36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
- Size
  
  217KB
- MD5
  
  d920230acdc464d60e0448494ca51cdb
- SHA1
  
  89e02ba5ed35daefcc464ed29a15108224f938a7
- SHA256
  
  36f68f4836362d94e2f0e25720c26bb9bc60a4bc9533e94d3c164814269e476e
- SHA512
  
  6e68d62c4c89a0378b9e968c68061e2f98d26181bfcd957d3ce5f1590166ec58c0cbbdd112636705c6fae83de23e2604c94cad3e4ccf9695188a5c178f8817b4
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2