Overview

overview

10

Static

static

10

asdfgh.ps1

windows7_x64

10

asdfgh.ps1

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    asdfgh

  • Size

    193KB

  • Sample

    211019-r7qf7sghfl

  • MD5

    7e1fdce1a506b0c19f231e4e55a5475a

  • SHA1

    446bdbfbaaf7de20eb6be6db5ac4e038710a5188

  • SHA256

    29c8c4ba356d546eecb0090fbc2f20047ae59dd9b8e8dd6f1165203823c89299

  • SHA512

    992169d1ae7bca9b56712e31df15dad70c8dab28cff5efcff7c4b6989675e175e62e2e5ad06fb1df2e350fe6bc3b898a3d07e7bb7e240178f26b211a3467b250

Score
10/10
cobaltstrike1359593325backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://173.234.155.219:80/ml.html

Attributes
  • access_type

    512

  • host

    173.234.155.219,/ml.html

  • http_header1

    AAAAEAAAABlIb3N0OiBzb3Bob3NzZWN1cml0eXQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAcAAAAAAAAACAAAAAMAAAACAAAAK3dvcmRwcmVzc19lZDFmNjE3YmJkNmMwMDRjYzA5ZTA0NmYzYzFiNzE0OD0AAAAGAAAABkNvb2tpZQAAAAkAAAAOcHJvZmlsZXI9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABlIb3N0OiBzb3Bob3NzZWN1cml0eXQuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAVQWNjZXB0LUVuY29kaW5nOiBnemlwAAAACgAAABhDb250ZW50LVR5cGU6IHRleHQvcGxhaW4AAAAHAAAAAQAAAA8AAAADAAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9984

  • polling_time

    55633

  • port_number

    80

  • sc_process32

    %windir%\syswow64\WUAUCLT.exe

  • sc_process64

    %windir%\sysnative\WUAUCLT.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvC2CQYaIouT41kXKVNrM5lLvclGJRE+i3ves+vC0AADUWTPs64Dn/B4eKlQKPpbC/8IgJjadD/B9pZiY8XUlk4dvaagLdjBCq7uSxS+KhVVsX46LBSBgIxaE4AeoZvwBD2n0wdeeI2sbkMvDhhv5s6Nmz12sAtOVGdr8cX3s5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.272630272e+09

  • unknown2

    AAAABAAAAAIAAAFSAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /favicon

  • user_agent

    Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0

  • watermark

    1359593325

Targets

    • Target

      asdfgh

    • Size

      193KB

    • MD5

      7e1fdce1a506b0c19f231e4e55a5475a

    • SHA1

      446bdbfbaaf7de20eb6be6db5ac4e038710a5188

    • SHA256

      29c8c4ba356d546eecb0090fbc2f20047ae59dd9b8e8dd6f1165203823c89299

    • SHA512

      992169d1ae7bca9b56712e31df15dad70c8dab28cff5efcff7c4b6989675e175e62e2e5ad06fb1df2e350fe6bc3b898a3d07e7bb7e240178f26b211a3467b250

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks