cobaltstrike

General

Target

cb.exe
Size

565KB
Sample

201210-8zr11825t2
MD5

dbffcc741c54ae7632fb2807c888bdfe
SHA1

135fe840084973d099de68992de40224ed1680b9
SHA256

55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
SHA512

eab651efd209dee4fb6137ecadfce58e4ecfd1cdcf767a28c02fefc62a814a08d97d81d942f3609a882b4b81767e322f1fea3c5d7688d2d7785a8f1f56e9ef4c

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://NuQuiedi8ezai5aHucei.cantusethis.fun:443/gifs/

http://Jae3Faita9jeiMeiVeiv.cantusethis.site:443/gifs/

http://ibee3sahkei7Ohcu9uGi.cantusethis.online:443/image/

Attributes

access_type
512
beacon_type
2048
dns_idle
6.7373064e+07
dns_sleep
8.1297408e+08
host
NuQuiedi8ezai5aHucei.cantusethis.fun,/gifs/,Jae3Faita9jeiMeiVeiv.cantusethis.site,/gifs/,ibee3sahkei7Ohcu9uGi.cantusethis.online,/image/
http_header1
AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAADQAAAAEAAAALL2tpdHRlbi5naWYAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAB5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAACAAAAAYAAAAOQXV0aGVudGljYXRpb24AAAAHAAAAAQAAAAMAAAACAAAAc3siaW1hZ2VfdXJsIiA6ICJodHRwczovL3N1bjktMjMudXNlcmFwaS5jb20vRzRKdmRaREVmTGRJUGxOTjEtSmtNR1EydW5mMktFSVY1NE9tNWcvYWJKNzBqR0hmVmsuanBnIiwgIm1ldGFkYXRhIiA6ICIAAAABAAAAAiJ9AAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
5120
maxdns
235
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\dfrgui.exe
sc_process64
%windir%\sysnative\dfrgui.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWJolZfZtN4+W4l2naPtrRPBZ9E6XqVyL8XSC08vwYVEtmn7iwPUgBQsddprki6QXEuQUro5OTw+ESzZzNrgOimS9DSimgnM8DroKyW8tQQgiPNHvIWyix4+fH7Ps7uEwr3o1nqPhEQHXYhmsHU/q73G6OxBHNR+OQDKaVgAg5bwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.2384e+09
unknown2
AAAABAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAABAAAAAAgAAAEAAAAACAAAAQAAAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/temp/
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36

Targets

- Target
  
  cb.exe
- Size
  
  565KB
- MD5
  
  dbffcc741c54ae7632fb2807c888bdfe
- SHA1
  
  135fe840084973d099de68992de40224ed1680b9
- SHA256
  
  55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
- SHA512
  
  eab651efd209dee4fb6137ecadfce58e4ecfd1cdcf767a28c02fefc62a814a08d97d81d942f3609a882b4b81767e322f1fea3c5d7688d2d7785a8f1f56e9ef4c
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2