cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

bjh.7z
Size

792KB
Sample

220108-pldjeadab9
MD5

b49756fe5fe43ec29b7cf127c0c75055
SHA1

615bc4a10505cae9d2c760d578196f6315dcbf48
SHA256

3fa703e1d556c84938fa6260fd19c812b4a05a582df95ed8cf2e4eb494f74fde
SHA512

605d7a719c638812e6b56a19c5ea9e4f22ffe07b01cfaf9e97dc1dbc1954872c80a0e9de1f7abc33057f467564e3f8eb9c18c374d24a554f1471e086c6250c4e

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

20410727

http://111.123.50.143:443/c/msdownload/update/others/2021/10/29136388_

http://111.41.56.173:443/c/msdownload/update/others/2021/10/29136388_

http://218.68.91.40:443/c/msdownload/update/others/2021/10/29136388_

http://183.192.164.125:443/c/msdownload/update/others/2021/10/29136388_

Attributes

access_type
512
beacon_type
2048
host
111.123.50.143,/c/msdownload/update/others/2021/10/29136388_,111.41.56.173,/c/msdownload/update/others/2021/10/29136388_,218.68.91.40,/c/msdownload/update/others/2021/10/29136388_,183.192.164.125,/c/msdownload/update/others/2021/10/29136388_
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAADQAAAAEAAAAELmNhYgAAAAwAAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\wuauclt.exe
sc_process64
%windir%\sysnative\wuauclt.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfV7huVJOwPd8CSFoVk0MTd22Mdcih2TPn+E5z0nSvRP6CjkeS2oX0KywSL6JqPNwGNMGspBdLcWipYaE4c7bx59o0NjvU5qIaUqP+v1JIVnqL1pURznjBRhpjq4tbrrhugBGc0NycZ6Yg7TzxysAFm/+IrFyylTUQSl//57EIDwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/c/msdownload/update/others/2021/10/3215234_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
watermark
20410727

Targets

- Target
  
  jcef_helper.exe
- Size
  
  720KB
- MD5
  
  02b6f7bd556e311ea0a6db767a790d56
- SHA1
  
  65d5f8b05fa2cdbbd14c147545aa236457cde5a5
- SHA256
  
  97ed6221334e20650504e0ba8964687b66fcf89172a633ebcd6c1da09663405f
- SHA512
  
  4a7f49a4487b0cbd4017c1cac1fb6484fa94efe681c236823d6ab4539b6c5a6038022a8e795b71d9b8336b4b1be6a9865101e7b6e9192e5bfef81188052c3e9e
Score

10^/10

cobaltstrike 20410727 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2
- Target
  
  libcef.dll
- Size
  
  1.5MB
- MD5
  
  9d78d3951d228f3c0a343e4754b80abc
- SHA1
  
  53fbc461990975c05e368807496343176976949f
- SHA256
  
  e91bece5ca4dd53ddcf926b4d132905124d214457f86e0ed4dd01d904907cef4
- SHA512
  
  2d510b3d39ef66bf18bd9c44688a738eca18ae11c13fa65c4988e98da3b11337fd568b1169db36cb4aaa19440a1a110c63e0387c3efc19c0118fabef33addff2
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4