cobaltstrike

General

Target

5926893401047040.zip
Size

276KB
Sample

220123-v551nagcf2
MD5

c8dc43af1500701e157d16d75a870232
SHA1

fefe2df7ae49c5529ab50c778757474b5a54016c
SHA256

a2c5bd12da8bad836398270b2bc9ff81c616654d5c8d24095ec867a8d5be5ba3
SHA512

58c65a4b8957afda1e1a32d133f90a38b775735dbc84fd83d6be68f411dd1ceff0091fb5244476e4a74e364f6092588c2f4011a6ebb5ab13a1ff5094082c3c8d

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

666

C2

http://catalantech.com:443/wp-content/condensed-soups/

Attributes

access_type
512
beacon_type
2048
dns_idle
6.7372036e+07
dns_sleep
8.1297408e+08
host
catalantech.com,/wp-content/condensed-soups/
http_header1
AAAACgAAAF1BY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAHAAAAAAAAAA8AAAANAAAAAQAAAAkvc291cC5naWYAAAAMAAAAAAAAAA==
http_header2
AAAACgAAAB5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAACAAAAAYAAAAOQXV0aGVudGljYXRpb24AAAAHAAAAAQAAAAMAAAACAAAATXsiaW1hZ2VfdXJsIiA6ICJodHRwOi8vbWVtZXNtaXgubmV0L21lZGlhL2NyZWF0ZWQvam9vd2RqLmpwZyIsICJhdXRoZGF0YSIgOiAiAAAAAQAAAAIifQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
7680
maxdns
235
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\dfrgui.exe
sc_process64
%windir%\sysnative\dfrgui.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLu1RvfMEgF+HjkFoq/QEjMZ54V+A3OYLzArN8ECJlssKlYTib8cnmMfOVrchAajavti/aQRo3gwWSLi9fhFkWRTkq7lgn6yzgpYAl9tNfkR96xBReIE1Vt6V9319g3FcnmfQF89aLp8Uk+hPADnjI1TCDqZ7EXldrDiOny6E8ewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.154317312e+09
unknown2
AAAABAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/picture_upload/
user_agent
Mozilla/5.0 (X11; CrOS x86_64 13597.94.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.186 Safari/537.36
watermark
666

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8
- Size
  
  310KB
- MD5
  
  3be8e222b937f3c1090988c60dfb830f
- SHA1
  
  708fdc055e1b86076ba4342577c7dfc5aac6231e
- SHA256
  
  fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8
- SHA512
  
  bf762e59fa0bcae77363e9eff96fa2827467bb69c2efebef273df4d1c4fd4ca2a063b1fe6798abc89a6720d3c7bb8b92314b9b8ae01e1979c61033898462c159
Score

10^/10

cobaltstrike 0 666 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2