cobaltstrike | a2c5bd12da8bad836398270b2bc9ff81c616654d5c8d24095ec867a8d5be5ba3

Analysis

max time kernel
123s
max time network
123s
platform
windows10_x64
resource
win10-en-20211208
submitted
23-01-2022 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8.exe
Size

310KB
MD5

3be8e222b937f3c1090988c60dfb830f
SHA1

708fdc055e1b86076ba4342577c7dfc5aac6231e
SHA256

fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8
SHA512

bf762e59fa0bcae77363e9eff96fa2827467bb69c2efebef273df4d1c4fd4ca2a063b1fe6798abc89a6720d3c7bb8b92314b9b8ae01e1979c61033898462c159

Score

10^/10

cobaltstrike 0 666 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

666

http://catalantech.com:443/wp-content/condensed-soups/

Attributes

access_type
512
beacon_type
2048
dns_idle
6.7372036e+07
dns_sleep
8.1297408e+08
host
catalantech.com,/wp-content/condensed-soups/
http_header1
AAAACgAAAF1BY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCwqLyo7cT0wLjgAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAHAAAAAAAAAA8AAAANAAAAAQAAAAkvc291cC5naWYAAAAMAAAAAAAAAA==
http_header2
AAAACgAAAB5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAACAAAAAYAAAAOQXV0aGVudGljYXRpb24AAAAHAAAAAQAAAAMAAAACAAAATXsiaW1hZ2VfdXJsIiA6ICJodHRwOi8vbWVtZXNtaXgubmV0L21lZGlhL2NyZWF0ZWQvam9vd2RqLmpwZyIsICJhdXRoZGF0YSIgOiAiAAAAAQAAAAIifQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
7680
maxdns
235
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\dfrgui.exe
sc_process64
%windir%\sysnative\dfrgui.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLu1RvfMEgF+HjkFoq/QEjMZ54V+A3OYLzArN8ECJlssKlYTib8cnmMfOVrchAajavti/aQRo3gwWSLi9fhFkWRTkq7lgn6yzgpYAl9tNfkR96xBReIE1Vt6V9319g3FcnmfQF89aLp8Uk+hPADnjI1TCDqZ7EXldrDiOny6E8ewIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.154317312e+09
unknown2
AAAABAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAADAAAAACAAAAMAAAAAIAAAAwAAAAAgAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/picture_upload/
user_agent
Mozilla/5.0 (X11; CrOS x86_64 13597.94.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.186 Safari/537.36
watermark
666

Extracted

Family

cobaltstrike

Botnet

Attributes

watermark
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8.exe
"C:\Users\Admin\AppData\Local\Temp\fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8.exe"
1⤵
PID:2708

C:\Windows\system32\sethc.exe
\SystemRoot\system32\sethc.exe
2⤵
PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2096-115-0x00007FFA09640000-0x00007FFA097AA000-memory.dmp

Filesize
1.4MB

Download
memory/2096-116-0x0000027EFCFE0000-0x0000027EFD020000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads