cobaltstrike

General

Target

fd3f386397ab9f626b2888e40a7998c9.exe
Size

6.1MB
Sample

210727-xezdnt3ckn
MD5

fd3f386397ab9f626b2888e40a7998c9
SHA1

a53c33779e705674531c5bf7af547e54107282f4
SHA256

b735bf8a33209f968ae46a4f632bc07bff6ea83f66130934365b5be363657fd4
SHA512

ce9f20694070d50ed1dee7dfd81b4a6428ad1129804f5ce41b4a0141be097795c197762363c8817041799177c057a9b654b63ea17e053eee65c4616d8858958e

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.72.4.166:8443/images/logo_max.png

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://103.72.4.166:8443/images/logo.png

Attributes

access_type
512
beacon_type
2048
host
103.72.4.166,/images/logo.png
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAEAAAAJWWVzQnlwYXNzAAAADwAAAAsAAAANAAAAAgAAABtodHRwczovL3d3dy5iYWlkdS5jb20vcz93ZD0AAAABAAAAHiZpc3NwPTEmdG49YmFpZHVob21lXyZpZT11dGYtOAAAAAYAAAAHUmVmZXJlcgAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAMAAAAPAAAADQAAAAUAAAAGdGlja2V0AAAABwAAAAEAAAADAAAAAQAAAAhJbWJ5cGFzcwAAAA8AAAANAAAAAwAAAAIAAAAlX19FVkVOVFZBTElEQVRJT049QzJFOUFCJl9fVklFV1NUQVRFPQAAAAEAAAAKJnVzZXI9amFjawAAAAQAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
10000
port_number
8443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYHBQUUh9ez/ut26TEc5mMdd9JANu04+lF5gqDIJCV4uhT+KDwKkIGYCb6MEj4RCw/BKIdq2Imer2/RdSZOjop6khVxVOHRFn4x9crrd9XNMIYbipnacSLhdMMfsO9x1ZAQligc6mld/+SpSB2Z7UwRR9WgF/59HZAVqMtlG459QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.149856768e+09
unknown2
AAAABAAAAAEAAAtfAAAAAgAACL0AAAANAAAAAwAAAAEAAAAKAAAADQAAAAsAAAAIAAAADwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/user/CheckLogin
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
watermark
305419896

Targets

- Target
  
  fd3f386397ab9f626b2888e40a7998c9.exe
- Size
  
  6.1MB
- MD5
  
  fd3f386397ab9f626b2888e40a7998c9
- SHA1
  
  a53c33779e705674531c5bf7af547e54107282f4
- SHA256
  
  b735bf8a33209f968ae46a4f632bc07bff6ea83f66130934365b5be363657fd4
- SHA512
  
  ce9f20694070d50ed1dee7dfd81b4a6428ad1129804f5ce41b4a0141be097795c197762363c8817041799177c057a9b654b63ea17e053eee65c4616d8858958e
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2