cobaltstrike

General

Target

6213413531451392.zip
Size

276KB
Sample

210916-vzqc1sgfgj
MD5

ce35d6cfe336071637c1261aabf5fd30
SHA1

e31b96a0f76f1f3976f2e969a2071a69b715e03b
SHA256

4f0d8356cbba546e9fc481ddd7e87613f4b7b56dfe406ddf7b6aa347764862c0
SHA512

274ac87e7bd061e94fd1c3cb0e9d8b6ab7870323c3a4a97969862e5d1d825819e2d11848e9f958cf6a051a2356ea07612e840adcf318387e2a1dffd922fc099a

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://firstaholic.com:443/ce

Attributes

access_type
512
beacon_type
2048
host
firstaholic.com,/ce
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAAD1BY2NlcHQtTGFuZ3VhZ2U6IGZyLUNILCBmcjtxPTAuOSwgZW47cT0wLjgsIGRlO3E9MC43LCAqO3E9MC41AAAABwAAAAAAAAADAAAAAwAAAAIAAAAQbWFkZV93cml0ZV9jb25uPQAAAAYAAAAGQ29va2llAAAACQAAAAphcHBseT10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAgAAAADAAAAAgAAAAdjb2x1bW49AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
62650
port_number
443
sc_process32
%windir%\syswow64\regsvr32.exe
sc_process64
%windir%\sysnative\regsvr32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbKlbT/NYlU0ltRC19awBAkTkdlbPU13B/zDRLjD+Ll0JukJfOKn3v33UFeviJ+Zfkg2AcsK4Pymhe0FWXSO34YKaKpclTxZrtQ+rCn+S+adIR95K54JsDbjf3FyG1B6UbsV2Et458B+bIxojXZdlzFZ1otNel2pmAKdETER+ZKwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
5.10860288e+08
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/mg
user_agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
watermark
1359593325

Targets

- Target
  
  de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564
- Size
  
  480KB
- MD5
  
  2e0ba547566c76a7555b3ab981cd1dd5
- SHA1
  
  7bb3f946581b397c8e8c8563a50353c9b284fe46
- SHA256
  
  de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564
- SHA512
  
  f9b8789164a1a6e2ae76423d11e86273a451349dc234e00b5253638f5e69bb772502a8fa2f592007fe87cd066225cd8416ec3090d7ad04143e8b2911d8ee9c9b
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2