Static task
static1
Behavioral task
behavioral1
Sample
cobaltstrike_shellcode.bin.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
cobaltstrike_shellcode.bin.exe
Resource
win10v20210408
General
-
Target
cobaltstrike_shellcode.bin
-
Size
219KB
-
MD5
d3adabff54485aece3d22a7f3b4abf11
-
SHA1
2dec32d855052549dd887070d2081c8122bf051c
-
SHA256
e8568ac97eb4fc7cf8a24f4496526a0f829646d5b8408ad4640e929e7f41f0a3
-
SHA512
43f9f0013b75ed11b734f0a19398ee92c8633886e2846e16518fe38b31e487269122ee75bad940fd70abfaa5e65daf66e6e55b89fd4b9f832b3dc67e896a203b
Malware Config
Extracted
cobaltstrike
913766348
http://azurlink.net:443/cooling-pillows/
-
access_type
512
-
beacon_type
2048
-
host
azurlink.net,/cooling-pillows/
-
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAaSG9zdDogd3d3Lm1hdHRyZXNzZmlybS5jb20AAAAKAAAAJlJlZmVyZXI6IGh0dHBzOi8vd3d3Lm1hdHRyZXNzZmlybS5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACV9fY2ZkdWlkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAaSG9zdDogd3d3Lm1hdHRyZXNzZmlybS5jb20AAAAKAAAAM1JlZmVyZXI6IGh0dHBzOi8vd3d3Lm1hdHRyZXNzZmlybS5jb20vdGVtcHVyLXBlZGljLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAkAAAAKUXVhbnRpdHk9MQAAAAkAAAAOY2FydEFjdGlvbj1hZGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5888
-
polling_time
10000
-
port_number
443
-
sc_process32
%windir%\syswow64\gpresult.exe
-
sc_process64
%windir%\sysnative\gpupdate.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3QMG/rlJdsXRva2QUwJwe9Noab5dt5lAHRZZ6LUA3uAn7P/I2WckbpLqDdhG4c8vnR5yaXigz18k+Zsw8AG34TS6QSp7XkVy3FwPFyZUtB7fv/JhM1qLsxoac3ekW0+BcOeyH0kPk1C0lIo2ueI5CsPQv3DoEg6Y2nxaEic6R1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.580105984e+09
-
unknown2
AAAABAAAAAEAAAqqAAAAAgAABNAAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Sites-Mattress-Firm-Site/default/Cart-AddProduct/
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
-
watermark
913766348
Signatures
-
Cobaltstrike family
Files
-
cobaltstrike_shellcode.bin.exe windows x86