cobaltstrike | 3ec7126c2538d33007a3c5da01130430442a59349794ceddbc64c1b45a2dc4ba

Analysis

max time kernel
134s
max time network
150s
platform
windows10_x64
resource
win10v20201028
submitted
13-11-2020 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ec7126c2538d33007a3c5da01130430442a59349794ceddbc64c1b45a2dc4ba.exe
Size

224KB
MD5

b425a2f36c42563e301ba185512486e5
SHA1

b3c6e81be888de6a7af48d2947d06d8b9db71960
SHA256

3ec7126c2538d33007a3c5da01130430442a59349794ceddbc64c1b45a2dc4ba
SHA512

f1334e1edf8503134cec5348ab4525642b37b76ae5b5826742ae07db515929d82b8b39ef6f7a1d590520d8338e4aa3f12d9b682aee548769fe81110688bbbcb1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

http://support.manilacityhall.com:443/jquery-ajaxSuccess.js

Attributes

access_type
512
beacon_type
2048
create_remote_thread
0
day
0
dns_idle
0
dns_sleep
0
host
support.manilacityhall.com,/jquery-ajaxSuccess.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
injection_process
jitter
9472
maxdns
255
month
0
pipe_name
polling_time
60000
port_number
443
proxy_password
proxy_server
proxy_username
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVRrITlds21bbk/+HfUdlq32bnIYIqJ/TgHPYgtliFLWwQfIhuvUldbUpMGMtdb3WHlRoqmz2XOajC5j4ZmzslqMa0vBwTd5wEmnqypQCzdspTEdq3Ose34Q5Q96c0u8MC6qh5RavngODYv1lfBEmB14mAAH0WqDFu6wfFmQWyuQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
0
unknown4
0
unknown5
3.276909167e+09
uri
/jquery-before.js
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
year
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\3ec7126c2538d33007a3c5da01130430442a59349794ceddbc64c1b45a2dc4ba.exe
"C:\Users\Admin\AppData\Local\Temp\3ec7126c2538d33007a3c5da01130430442a59349794ceddbc64c1b45a2dc4ba.exe"
1⤵
PID:4756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4756-0-0x00000000009A0000-0x0000000000E12000-memory.dmp

Filesize
4.4MB

Download
memory/4756-1-0x00000000009A0000-0x0000000000E12000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads