cobaltstrike

General

Target

f53fc8ee1359db4a8a7ec51d9fa82c5aa2b9e9c462c7d83151c853dda815c628
Size

217KB
Sample

201115-l4xst3hrvx
MD5

fac9407d8b782e2464bd1419182842bc
SHA1

9ea7a22e44d67093b99cb802cb3ff49ca3b43ac6
SHA256

f53fc8ee1359db4a8a7ec51d9fa82c5aa2b9e9c462c7d83151c853dda815c628
SHA512

bc7ff6d6cefa11bfe130bebae87e7876c63649859ee7a1ea7d5c4378b139ea7198e3d123b31274adf8ef7c6a0923a8fd7bc6e296a178ce9a012eaf75263a6ef1

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://universalec.com.zclngty.club:443/owa/

Attributes

access_type
512
beacon_type
2048
dns_idle
1.34744072e+08
host
universalec.com.zclngty.club,/owa/
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAACGQ29va2llOiBNaWNyb3NvZnRBcHBsaWNhdGlvbnNUZWxlbWV0cnlEZXZpY2VJZD05NWMxOGQ4LTRkY2U5ODU0O0NsaWVudElkPTFDMEY2QzVEOTEwRjk7TVNQQXV0aD0zRWtBakRLakk7eGlkPTczMGJmNzt3bGE0Mj1aRzB5TXpBMktqRXMAAAAHAAAAAAAAAA0AAAAFAAAAAndhAAAACQAAAA5wYXRoPS9jYWxlbmRhcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAACd2EAAAAHAAAAAAAAAA0AAAACAAAABndsYTQyPQAAAAIAAAALeGlkPTczMGJmNzsAAAACAAAAEk1TUEF1dGg9M0VrQWpES2pJOwAAAAIAAAAXQ2xpZW50SWQ9MUMwRjZDNUQ5MTBGOTsAAAACAAAAOE1pY3Jvc29mdEFwcGxpY2F0aW9uc1RlbGVtZXRyeURldmljZUlkPTk1YzE4ZDgtNGRjZTk4NTQ7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
GET
jitter
5120
maxdns
235
polling_time
30000
port_number
443
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaFjt+ur8edBaOugmVauUhoZuRl/X1csJ4aa5HNiVVxH+nj+tljmiIaj9JYw+dX02sXg+KraYAGaR0XRIJC7Fac+g4z8+Gce7dZTFpyQgtgE/ktBZsYlweECSXVPa7mUrUvLv9bjnn4x5woeJ388rAWdOpz5PPuFV1o0cIA+/7xwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/OWA/
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

Targets

- Target
  
  f53fc8ee1359db4a8a7ec51d9fa82c5aa2b9e9c462c7d83151c853dda815c628
- Size
  
  217KB
- MD5
  
  fac9407d8b782e2464bd1419182842bc
- SHA1
  
  9ea7a22e44d67093b99cb802cb3ff49ca3b43ac6
- SHA256
  
  f53fc8ee1359db4a8a7ec51d9fa82c5aa2b9e9c462c7d83151c853dda815c628
- SHA512
  
  bc7ff6d6cefa11bfe130bebae87e7876c63649859ee7a1ea7d5c4378b139ea7198e3d123b31274adf8ef7c6a0923a8fd7bc6e296a178ce9a012eaf75263a6ef1
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2