cobaltstrike | 6a49b676d1dd1d7603f7296f4499b122519a932b51eced659e62934352d1cb66

Analysis

max time kernel
115s
max time network
132s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a49b676d1dd1d7603f7296f4499b122519a932b51eced659e62934352d1cb66.exe
Size

224KB
MD5

39691de59ad603b27f5f244252431c90
SHA1

bca400c8fa470f3fa65d7a1ecd45f5b9d0237619
SHA256

6a49b676d1dd1d7603f7296f4499b122519a932b51eced659e62934352d1cb66
SHA512

b026bd32d1684b51f4c6fdb8f4aa485389de090d84edced19ebe91afa5d998a592c45a5d43f1181b49154dceef4b4607b122079addf15d8ae2d7cc5b6baa8230

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

http://support.manilacityhall.com:443/jquery-ajaxSuccess.js

Attributes

access_type
512
beacon_type
2048
create_remote_thread
0
day
0
dns_idle
0
dns_sleep
0
host
support.manilacityhall.com,/jquery-ajaxSuccess.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
injection_process
jitter
9472
maxdns
255
month
0
pipe_name
polling_time
60000
port_number
443
proxy_password
proxy_server
proxy_username
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVRrITlds21bbk/+HfUdlq32bnIYIqJ/TgHPYgtliFLWwQfIhuvUldbUpMGMtdb3WHlRoqmz2XOajC5j4ZmzslqMa0vBwTd5wEmnqypQCzdspTEdq3Ose34Q5Q96c0u8MC6qh5RavngODYv1lfBEmB14mAAH0WqDFu6wfFmQWyuQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
0
unknown4
0
unknown5
3.276909167e+09
uri
/jquery-before.js
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
year
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6a49b676d1dd1d7603f7296f4499b122519a932b51eced659e62934352d1cb66.exe
"C:\Users\Admin\AppData\Local\Temp\6a49b676d1dd1d7603f7296f4499b122519a932b51eced659e62934352d1cb66.exe"
1⤵
PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-1-0x000007FEF5D50000-0x000007FEF5FCA000-memory.dmp

Filesize
2.5MB

Download
memory/1824-0-0x00000000007B0000-0x0000000000C22000-memory.dmp

Filesize
4.4MB

Download
memory/1824-2-0x00000000007B0000-0x0000000000C22000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads