cobaltstrike

General

Target

1.dll
Size

668KB
Sample

210829-6wf1lh8c76
MD5

2a6aac08f29f10209082172127bed7d2
SHA1

2af2212558c3d28edc29b5d50e0590efd6f3c428
SHA256

5ab95684cb8a8355b3f2f334fce6f2a96333ce5b51ffb2e1030d8a36c85c43f0
SHA512

228dc24f824451357d16d0bae2483303c8af081998598d8680906e8c33ea78d32234491ca39d0d5e086ee26c833bef36132ee1e3e6862bb285bfca7c1621e14b

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://d1n2x5h0loustn.cloudfront.net:443/jquery-3.3.1.min.js

Attributes

access_type
512
beacon_type
2048
host
d1n2x5h0loustn.cloudfront.net,/jquery-3.3.1.min.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAjSG9zdDogZDFuMng1aDBsb3VzdG4uY2xvdWRmcm9udC5uZXQAAAAKAAAAIFJlZmVyZXI6IGh0dHA6Ly9jb2RlLmpxdWVyeS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACV9fY2ZkdWlkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAjSG9zdDogZDFuMng1aDBsb3VzdG4uY2xvdWRmcm9udC5uZXQAAAAKAAAAIFJlZmVyZXI6IGh0dHA6Ly9jb2RlLmpxdWVyeS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA8AAAANAAAABQAAAAhfX2NmZHVpZAAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7OhAgYHBCr6mdmNANZsYMUMQ4Z6lSs2KUnvC3p0BFUjQB4aq/yDf7kXIMJqmXW6wj9ovh+pILSeOYs7T/H9gct2r69afL5qdnUN9zwRYeebU8/nm/BA+XOe5TjTxTm1eGAbrZOlvXslKVhRbiedzD8tcJ+OyqRK19OcLflOVMVQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/jquery-3.3.2.min.js
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
watermark
0

Targets

- Target
  
  1.dll
- Size
  
  668KB
- MD5
  
  2a6aac08f29f10209082172127bed7d2
- SHA1
  
  2af2212558c3d28edc29b5d50e0590efd6f3c428
- SHA256
  
  5ab95684cb8a8355b3f2f334fce6f2a96333ce5b51ffb2e1030d8a36c85c43f0
- SHA512
  
  228dc24f824451357d16d0bae2483303c8af081998598d8680906e8c33ea78d32234491ca39d0d5e086ee26c833bef36132ee1e3e6862bb285bfca7c1621e14b
Score

10^/10

cobaltstrike 0 backdoor suricata trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
  suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2