cobaltstrike

General

Target

PL64.dll
Size

192KB
Sample

201116-j74swxz37a
MD5

5a710e940d55b74ddba422b0721a073a
SHA1

c206d9d1cfa9dda15c89dade8725549eb9c50627
SHA256

779f5fa30734c1e35d61d0bad3961c60acd3553c33d91f057115be823ab54927
SHA512

227a35b52c4c82962b18b5981a74e73e24ee49530bede8a3ae6c5228b92829c993454bf6c2f76f3559bed357302ca4ddaa184207eed5970c1cf1f49e11a2b42a

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://driversna.com:443/files/tab_shop.png

Extracted

Family

cobaltstrike

C2

http://er.driversna.com:443/fo

http://df.driversna.com:443/fo

http://cv.driversna.com:443/fo

Attributes

access_type
512
beacon_type
2048
dns_idle
4.5673843e+07
dns_sleep
1.694498816e+09
host
er.driversna.com,/fo,df.driversna.com,/fo,cv.driversna.com,/fo
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACwAAAAMAAAACAAAABUhTSUQ9AAAABgAAAAZDb29raWUAAAAJAAAADmRicHJlZml4PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACAAAAAMAAAACAAAACWRicHJlZml4PQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
10496
maxdns
255
polling_time
59957
port_number
443
sc_process32
%windir%\syswow64\regsvr32.exe
sc_process64
%windir%\sysnative\regsvr32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjAX68sewYZJjpqnXffGvEpuKnWAUCV3KlxJ4CoM+2HFSmT00/IHjJUOYEXMrClE5CUDj2v8aGxUtojZBY8FlfcpQ3e57Qu70ZSp2CoiGaMF9vRza/16UqA1giNQESZorQf962VJoNg/SKqWaZC+nFzkaUbDRebBcHK5lCw4qjbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.272630272e+09
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/eo
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Targets

- Target
  
  PL64.dll
- Size
  
  192KB
- MD5
  
  5a710e940d55b74ddba422b0721a073a
- SHA1
  
  c206d9d1cfa9dda15c89dade8725549eb9c50627
- SHA256
  
  779f5fa30734c1e35d61d0bad3961c60acd3553c33d91f057115be823ab54927
- SHA512
  
  227a35b52c4c82962b18b5981a74e73e24ee49530bede8a3ae6c5228b92829c993454bf6c2f76f3559bed357302ca4ddaa184207eed5970c1cf1f49e11a2b42a
Score

10^/10

cobaltstrike metasploit backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

MetaSploit

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5