cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

8e96a9977d96e47db7c33cf350338b87
Size

2.5MB
Sample

211027-hqcz4sabem
MD5

8e96a9977d96e47db7c33cf350338b87
SHA1

84842f681f7640332f51e283aa8988cb37f4ff77
SHA256

7a51bf0527aa3f38ee5a9ae52c1a4f63d67d68af2da7b488f8ba7b66d665e618
SHA512

627627d69c9d5e065803a938839d6aa8cfbb8518c2cb40dc7959639eed406c255d343a773e30dc2c3f169576991a44148f97679677f5a5c041d1a4397c3f1eca

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

http://42.81.120.12:443/c/msdownload/update/others/2021/10/29136388_

http://111.12.28.24:443/c/msdownload/update/others/2021/10/29136388_

http://120.221.245.161:443/c/msdownload/update/others/2021/10/29136388_

http://221.180.219.232:443/c/msdownload/update/others/2021/10/29136388_

Attributes

access_type
512
beacon_type
2048
host
42.81.120.12,/c/msdownload/update/others/2021/10/29136388_,111.12.28.24,/c/msdownload/update/others/2021/10/29136388_,120.221.245.161,/c/msdownload/update/others/2021/10/29136388_,221.180.219.232,/c/msdownload/update/others/2021/10/29136388_
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAADQAAAAEAAAAELmNhYgAAAAwAAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
3000
port_number
443
sc_process32
%windir%\syswow64\wusa.exe
sc_process64
%windir%\sysnative\wusa.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeKX2ZC6z352UquYL608HlqSqWZnpPWO6XVwMv0J1dRN2RoKK8RqAOQRojHYe5D+ZtsIqIQ8g9CvgtGiloDvyEfOUjer8u/3SDM6ERYWtyxZH2iFm6OL2EGAAb0ysNFQImRN9ynhJ4iqll29xS6McHClteDRdJqRu/cZiOzMyjywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/c/msdownload/update/others/2021/10/3215234_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
watermark
426352781

Targets

- Target
  
  8e96a9977d96e47db7c33cf350338b87
- Size
  
  2.5MB
- MD5
  
  8e96a9977d96e47db7c33cf350338b87
- SHA1
  
  84842f681f7640332f51e283aa8988cb37f4ff77
- SHA256
  
  7a51bf0527aa3f38ee5a9ae52c1a4f63d67d68af2da7b488f8ba7b66d665e618
- SHA512
  
  627627d69c9d5e065803a938839d6aa8cfbb8518c2cb40dc7959639eed406c255d343a773e30dc2c3f169576991a44148f97679677f5a5c041d1a4397c3f1eca
Score

10^/10

cobaltstrike 426352781 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks