cobaltstrike | 94053dfbc06bc7124129dd51fabf67f7f3738109d6dc11d0b4bb785f0e93c0b6

Analysis

max time kernel
123s
max time network
126s
platform
windows10_x64
resource
win10-en-20211208
submitted
12-01-2022 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ayfaga3.exe
Size

389KB
MD5

d053d4cd461951966e47ea44d28b42f8
SHA1

1ec4ce0b1379f951bc0fafcee15ac0945ab1beac
SHA256

94053dfbc06bc7124129dd51fabf67f7f3738109d6dc11d0b4bb785f0e93c0b6
SHA512

f132082ae13457c92a8b44bcd4bfb81bc07cb62e52a6ec89d6c17867a50bc0227f5ca4d813d516a446d9a6d1ec20ed69e611f8d44333916d0209ad7864217df3

Score

10^/10

cobaltstrike 1580103824 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1580103824

http://104.168.44.45:443/ptj

Attributes

access_type
512
beacon_type
2048
host
104.168.44.45,/ptj
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
watermark
1580103824

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\Ayfaga3.exe
"C:\Users\Admin\AppData\Local\Temp\Ayfaga3.exe"
1⤵
PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2344-115-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-116-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-117-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-118-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-119-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-120-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-121-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-122-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-123-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-124-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-125-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-127-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-128-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-129-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-130-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-132-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-133-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-131-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-126-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-134-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-135-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-136-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-137-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-138-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-139-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-140-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-141-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-142-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-143-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-144-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-145-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-146-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-147-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-148-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-149-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-150-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-151-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-152-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-153-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-154-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-155-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-156-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-157-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-158-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-159-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-160-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-161-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-162-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-163-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-164-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-165-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-166-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-167-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-168-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-169-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-170-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-171-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-172-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-173-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-174-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-175-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-177-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-176-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-178-0x00007FFE7D660000-0x00007FFE7D661000-memory.dmp

Filesize
4KB

Download
memory/2344-342-0x000002038E830000-0x000002038E871000-memory.dmp

Filesize
260KB

Download
memory/2344-343-0x0000020390380000-0x00000203903CE000-memory.dmp

Filesize
312KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads