General

  • Target

    e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae

  • Size

    3.2MB

  • Sample

    211224-tsrf3adedq

  • MD5

    54d3dcc9b1d3cba50127a4e4501e766b

  • SHA1

    27fa1da40a60218871e334bc84fd60a12947057f

  • SHA256

    e3342127aa743721472025f865ac4027244d3f08033111166b741ffe1d2452ae

  • SHA512

    ede4343931b3f7967088701dd42b8871fca5671fe2b21be28e6134105d12e813ed734bb31925e8ffe3892482a796d06e1b5014e5de3bdbaa07249d6313a4e911

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://cache.pay-api.api-cloudflare.com:8081/cm

Attributes

  • access_type

    512

  • host

    cache.pay-api.api-cloudflare.com,/cm

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    8081

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHhLDzJ2hK145e+p7Zblj41w92apyesEIV+p6hDB0a3Lq41gQGX1ERtYqDr+EmXrY4rpSD/xw1GdPNwlmS/3xsEcI0irDFJPK8UY83Ra2siqrAr8M0r5VfFBuZOTMKqm66I4zK3X4I+HRRHpMED0tKni4GsFkwNBYzWNy1SWy5aQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)

  • watermark

    0

Targets

    • Cobaltstrike

      Detected a malicious payload that is part of Cobalt Strike.

    • suricata

      ET MALWARE Cobalt Strike Beacon Observed