cobaltstrike

General

Target

6146617528975360.zip
Size

193KB
Sample

210916-tb73gsgehn
MD5

546617754873d17e954b25fed4ca5616
SHA1

2949ffc546c7736e210549a109ad3c8f64c88bbf
SHA256

d86d58db6cfe6500e1b84fc2b0a00ea0b42b48b05cf5860a3524345226e07692
SHA512

ae3cffa9a279e43a9ed1db55d6408721a69760e26ce4398642b3bbd3e583b660d1de9d8e922798696b21cbe802f02e9bc0db85616e8da682dabd270d7c70e3ee

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://boostetits.com:443/sm.html

Attributes

access_type
512
beacon_type
2048
host
boostetits.com,/sm.html
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAATQWNjZXB0LUVuY29kaW5nOiBicgAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAcAAAAAAAAACwAAAAMAAAACAAAAK3dvcmRwcmVzc19kNmMwNDA1ZTBkN2FiMThmZDRlNmEwYjc0ZmNlNDBiMD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAAIAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
10496
polling_time
60760
port_number
443
sc_process32
%windir%\syswow64\svchost.exe
sc_process64
%windir%\sysnative\svchost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKU1xujxzrHeO9D8BsRvJVZrfizeI8sjgj5QC3c87G6F2YVpcA/rBR8wbUTHSukPzLtkePY4qsHnp3VCOlkfRlynX4rvtiqWlNLM2+O4FV5xXA4UFUJmd5JDQjQiavEE4NisuGCSGvgMYjbq+yBg4Gtbgp7Nb9UsZkADcDtTnQiQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.8457344e+07
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/posting
user_agent
Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
watermark
1359593325

Targets

- Target
  
  0e83b5879826b7959ec265e079d12608101de7230c4d9437f36e25b64d752153
- Size
  
  219KB
- MD5
  
  f233f6e17dabd9fe364c100111b5bc7a
- SHA1
  
  f39df1204bf278eb7a40eef1418c3278b9b106dc
- SHA256
  
  0e83b5879826b7959ec265e079d12608101de7230c4d9437f36e25b64d752153
- SHA512
  
  11c3d400ba8412c037a9e30f687cdb817e959bf711ee67f3117bf9a781832584963681608e2360949203f6702dad396dd3c7955921b08632d19cffaabcf549f4
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2