cobaltstrike

General

Target

4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
Size

219KB
Sample

201114-2rlgbqeksx
MD5

f4f9a6fe7876ec913ce1fd84fca8ec77
SHA1

d848e1ee63c1215e5c8be1345b24eeac76bc4af9
SHA256

4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
SHA512

a0be514a167ae56d37d3837873720f01bd05ac0cd4f84587f67e9381a5c159f1ed70cb27c651e0b528ea0365a0b9d30b838d28e044bc8b93feed67317d7fc5c9

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://117.51.152.192:443/da

Attributes

access_type
512
beacon_type
2048
dns_idle
1.993222846e+09
dns_sleep
2.365587456e+09
host
117.51.152.192,/da
http_header1
AAAAEAAAABFIb3N0OiB0ZW5jZW50LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAD0FjY2VwdDogaW1hZ2UvKgAAAAoAAAAlQWNjZXB0LUxhbmd1YWdlOiBlbi1HQjtxPTAuOSwgKjtxPTAuNwAAAAcAAAAAAAAAAwAAAAMAAAACAAAANXdvcmRwcmVzc19sb2dnZWRfaW5fMTg3MGE4MjlkOWJjNjlhYmY1MDBlY2E2ZjAwMjQxZmU9AAAABgAAAAZDb29raWUAAAAJAAAADmRicHJlZml4PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAEAAAABFIb3N0OiB0ZW5jZW50LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tVVMAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAANAAAAAwAAAAIAAAAGYmxvY2s9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
10496
maxdns
255
polling_time
56818
port_number
443
sc_process32
%windir%\syswow64\WUAUCLT.exe
sc_process64
%windir%\sysnative\WUAUCLT.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSyixp/1MR40k2XM26eskni/ZniCYSgKUavTYvl3uoae4ijqlJa99Fj6c4x3b4ydUdhBdcgy+wFJwM0CFDOh8EiCVkNKIxdlN55NUQf9xQcENYNlcSSfTAJHWgs037xn94HeUAHYGsVCtYb//LEAoDolMi6d9te8VrUMrR5QsNJwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.8457344e+07
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/as
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246

Targets

- Target
  
  4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
- Size
  
  219KB
- MD5
  
  f4f9a6fe7876ec913ce1fd84fca8ec77
- SHA1
  
  d848e1ee63c1215e5c8be1345b24eeac76bc4af9
- SHA256
  
  4fe5cd7c6dbb785b3009a93132e432d13db53abf1e50fd500074a5f54ef73427
- SHA512
  
  a0be514a167ae56d37d3837873720f01bd05ac0cd4f84587f67e9381a5c159f1ed70cb27c651e0b528ea0365a0b9d30b838d28e044bc8b93feed67317d7fc5c9
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2