cobaltstrike

General

Target

6582852515430400.zip
Size

194KB
Sample

220121-t71naaacd3
MD5

51a6e9c85ad559e03df159989567d0d1
SHA1

e77c110bcb4e5d5e7f56601e964cc5dd33c2d981
SHA256

8ffec06f2b7c60bfef1b0c8d3f227b7222ea1ba2f623d18406680db5e08b9211
SHA512

dfc132990cf7c3bcc8ecd880447cf23fb9e36864ac7241f4ca24c4fb6022041011a8bbbca52a03c74e0a72c4c9167b85e8001501f300dd8ec057f287087ae348

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://shemsut.com:80/access/

Attributes

access_type
512
host
shemsut.com,/access/
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMjBodnNvd2huZXBqcC5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTM3NjY3NzYxMy41OTkzMjU0MzgyLjg1MzE0MjMyOTYuMzEwNjgyOTcyNi4yNzY0NDU3NjAzLjk7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD04ODU5NDgzMTUwAAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAI0hvc3Q6IGQyMGh2c293aG5lcGpwLmNsb3VkZnJvbnQubmV0AAAABwAAAAAAAAAFAAAAA3JpZAAAAAkAAAAObGlkPTE0NDk1NzIzMjMAAAAJAAAAH21ldGhvZD1nZXRTZWFyY2hSZWNvbW1lbmRhdGlvbnMAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
880
port_number
80
sc_process32
%windir%\syswow64\mstsc.exe
sc_process64
%windir%\sysnative\mstsc.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEjBm6bwxp80Ms1hN+mZREU9XEUJmDuJQeZhuznp9TYDmGsgqwaDMsI7YExD1rZ5eSa1YOC33Lwc6KJyNQ2X9a80oTRfdAVFAhYvvOC2/0WWnIlzeqMA+7l6gQFxb7ipe+oBm/bAizBPxVkJl/mpZXi32EdVTVZ/miqdmHCxh+lwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.382016e+08
unknown2
AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/radio/xmlrpc/v35
user_agent
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)
watermark
0

Targets

- Target
  
  02f799aefea8c02dee48ad0773f25272d67dae6f31deec90ed1fbd8de7be69e1
- Size
  
  220KB
- MD5
  
  d5a716126c1c964849c6b57d9b0fdc86
- SHA1
  
  426e890d6bca1ef5cb7918daa2652cd73beb6e67
- SHA256
  
  02f799aefea8c02dee48ad0773f25272d67dae6f31deec90ed1fbd8de7be69e1
- SHA512
  
  6c41239d64dbd75a7eeba0abfe39e0b096d5ecf53a807bdadfe065d8419df2c2957c768f730f06c006f02d898e80de769b1b07e0c20fac360d4ed7332c23684b
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2