cobaltstrike

General

Target

9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a
Size

767KB
Sample

210428-fsml5dmzqx
MD5

38ac03e53cdc3c34a0ac359037c5684d
SHA1

c012eb2f47685d8c0d78936cd50591f26d15c4d5
SHA256

9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a
SHA512

d880704dc01dddf4741fa03b53a6152b0dbb0b531780fc736fd8c81c51928f5d89e445535b57245155081d79990b8b8944e3c8d9f0aa3812ed19ba84004b23cb

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://vepcdn.microsoft.com:80/lite/static/js/1826.f1c2fa77.chunk.js

http://download.visualstudio.microsoft.com:80/lite/static/js/1826.f1c2fa77.chunk.js

Attributes

access_type
512
host
vepcdn.microsoft.com,/lite/static/js/1826.f1c2fa77.chunk.js,download.visualstudio.microsoft.com,/lite/static/js/1826.f1c2fa77.chunk.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAjUmVmZXJlcjogaHR0cDovL2JyYW5kLmxpbmtlZGluLmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAjUmVmZXJlcjogaHR0cDovL2JyYW5kLmxpbmtlZGluLmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAAFAAAACF9fY2ZkdWlkAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
57305
port_number
80
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDa14pI+KHc4hacVJaYyMZHO0bzpDtNhP+JNn5mApEDAj9xpSHnp8rVq0Ekc9691bMZnfxnHdhxmXcSdPtBtI/nTtBlOnO/FZx9YuRssfXOP63XJ5eosw0DH6V5MM5EtAGUAlxGRS0okFP14AH9ACPjPhNXKgUhfGoWfDbnpwJnQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.28438016e+08
unknown2
AAAABAAAAAEAAAX8AAAAAgAAAHMAAAACAAAPYQAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/lite/static/js/4464.c01c0ad8.chunk.js
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
watermark
0

Targets

- Target
  
  9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a
- Size
  
  767KB
- MD5
  
  38ac03e53cdc3c34a0ac359037c5684d
- SHA1
  
  c012eb2f47685d8c0d78936cd50591f26d15c4d5
- SHA256
  
  9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a
- SHA512
  
  d880704dc01dddf4741fa03b53a6152b0dbb0b531780fc736fd8c81c51928f5d89e445535b57245155081d79990b8b8944e3c8d9f0aa3812ed19ba84004b23cb
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2