cobaltstrike

General

Target

ca502bdf0f154e480dd474096eaabeb1b10084c68e050f92461e93d1fd505c34(1).zip
Size

259KB
Sample

210302-2g7pva1rt2
MD5

119be3e89dd1560abf2d1b98a696205b
SHA1

4bbb161523105521533670ce7bd1ab158bcf634c
SHA256

43e87f3969a80c2e3f7ba3e8823309892ab2625a1a5c2bb7b2012f131621cd29
SHA512

eb176073a59fcc82d226351836911cf93faabc7a96d8d4d7c88ed893a0986d7d870f5161cb72d1a308b12675bc93e0417cae4ed0d5678f5f666d6d859b8b29ba

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\%s\pipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER%x
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\svchost.exe -k netsvcs
sc_process64
%windir%\sysnative\svchost.exe -k netsvcs
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCONA8A72Bdn9495nGRpH9z/+z9E5p4nAmFzZqqyWaICLLT7ligrLTVitGEz6iZ4mPBPW6QfHDnCJYloBF9e0cC8v0seI2/VZmTso0f3vrTJEf6NdlRzYD/MQnkDCrPHKa+Z2stc9sKKG0nz6i4IXTN+D1SkTO1dl6vkeXpCWIdCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

Targets

- Target
  
  test_vmray.ps1
- Size
  
  514KB
- MD5
  
  8c147be542bb5a80764a758514b7a0cc
- SHA1
  
  9b7070a20f9597947e4a3d11b0147d5398beb670
- SHA256
  
  ca502bdf0f154e480dd474096eaabeb1b10084c68e050f92461e93d1fd505c34
- SHA512
  
  711d024bbd234a9e5470fa5265695576329147974d38fe0f97d86e91e0c2a150d056d70059d9c9e8d1b76d0c4dd496eb66eb1e13728fe2bf1399ad686be7eb55
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2