General

  • Target

    1.ps1

  • Size

    342KB

  • Sample

    210727-qv2xqg2mnj

  • MD5

    59e827239f2392b954d985c77c9d5835

  • SHA1

    9cee71df4d3b630c13b105aa2a93ed26d49db908

  • SHA256

    0748c90ba4f1fcf603134cd9f98aafad3298d4fb859b189cfdf0523f63aa85bf

  • SHA512

    15bd39e114f6b5041c5dd820a0b1b8cc02b4f72d4f5b6c0754a1fa511cb79707973114d5ba0bb4f25b8db1168769cc57b512e487f24af3126ba3e2bdd5f10a7d

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    305419776

  • C2

    http://amibios-updater.com:757/logo

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    amibios-updater.com,/logo

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    59185

  • port_number

    757

  • sc_process32

    %windir%\syswow64\svchost.exe

  • sc_process64

    %windir%\sysnative\svchost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD8r8FL1Z+2Dj11n8yfOovicCp/feIgiC3nJ4Wf4jTO8RS457mP3KLeIXrWcaP7EXlyOsS4OOVB1ao/jXlyE4NBFuYd6teyBcasiMEmZQM7HA40xBHUlYdX2C6C6AlXwt6Y1x/MSjAqOoNfRpEOWiqCoWLdnbCDAWaCBCW4E/JtKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.272630272e+09

  • unknown2

    AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /temp

  • user_agent

    Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

  • watermark

    305419776

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Blocklisted process makes network request
