cobaltstrike

General

Target

54e09973da1818e1c74c58afb44309a1.dll
Size

199KB
Sample

201120-artt41g8gj
MD5

54e09973da1818e1c74c58afb44309a1
SHA1

f6179da0ca78312643dd68675f13fd496630656c
SHA256

08934079f330381b5a9bd3f4f089f328b77c26080aff49a3894b6e4de0d485bc
SHA512

fb6fa0a8efa499e0adc7728ea8d8f733d41b080764979b7c548bcdfa676ceff0bdd09f33c44477e3acd9469798a3319422481cc422c884fda4ad9c470f9b2cce

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://85.143.220.196:8180/__utm.gif

Attributes

host
85.143.220.196,/__utm.gif
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
60000
port_number
8180
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChvz2oKTJ0/eJ7cFxHaHPhGqqNrEeTk0/ji502tl8m/Hm/oETz8CH0xSxpU5gyg+tG0FqOQY3WOvmPz61LGiGv4spGlz3Hxd8HXEnd3rk560YzaAPlbwB3bBjbPs1GCAYK5qkDOO7a1WhfdEMBDbtZeqY1JpMSSMovpUojps3qLwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)

Targets

- Target
  
  54e09973da1818e1c74c58afb44309a1.dll
- Size
  
  199KB
- MD5
  
  54e09973da1818e1c74c58afb44309a1
- SHA1
  
  f6179da0ca78312643dd68675f13fd496630656c
- SHA256
  
  08934079f330381b5a9bd3f4f089f328b77c26080aff49a3894b6e4de0d485bc
- SHA512
  
  fb6fa0a8efa499e0adc7728ea8d8f733d41b080764979b7c548bcdfa676ceff0bdd09f33c44477e3acd9469798a3319422481cc422c884fda4ad9c470f9b2cce
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2