cobaltstrike

General

Target

f0c21480a5ebde8ed2e9e91a1ad7e0a83419155aeeb36c1423a09c86becb62fb
Size

746KB
Sample

220124-afz3wsgef8
MD5

b79ac58a4abd87d445670ed97c0a4061
SHA1

7678e142c4d455a2861ef774f5706452af41d02d
SHA256

f0c21480a5ebde8ed2e9e91a1ad7e0a83419155aeeb36c1423a09c86becb62fb
SHA512

ec292db908ae43069bf208ac533fc934c45587a88ec832ac7faffb17177d6ce94ee4949b3c4b3286fb31becf1646b800f68d6ce74d7d2efb3c9769856bc504b6

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://download.windows-microsoft-en.com:443/cms/api/am/checkLogin

Attributes

access_type
512
beacon_type
2048
host
download.windows-microsoft-en.com,/cms/api/am/checkLogin
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAkSG9zdDogZG93bmxvYWQud2luZG93cy5taWNyb3NvZnQuY29tAAAACQAAAAhpZT11dGYtOAAAAAkAAAAWbXNfcHE9ZDRlNDM2NWIwMDBkODZlOQAAAAkAAABEbXNfcmVmPTY2OTdBMWppOWxoSUoyQkZGVm5SVDJCbEhpdnNYQ3owa1ltcm9CenN4ZXRyMjZUZzlpc1JzM0h2NHFrVFkAAAAHAAAAAAAAAA0AAAACAAAAi2lkcz10YXNtaWdyYXRpb24wMTAuY2FydGVtYmVycGwuZGlzYWJsZW5vcmVmdW5kcy5kYWNvbnZlcnRlbmFibGVkLmVuYWJsZXNjYXJsZXR0bWV0YWRhdGE7aW1wPTZmOWY4MjkwLWE3M2QtNGFmOC05ZjNlLTQwNTRmZDBhMGZhNTtTRVNTSU9OUz0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAACRIb3N0OiBkb3dubG9hZC53aW5kb3dzLm1pY3Jvc29mdC5jb20AAAAKAAAAC0FjY2VwdDogKi8qAAAACQAAAAhpZT11dGYtOAAAAAkAAAAWbXNfcHE9ZDRlNDM2NWIwMDBkODZlOQAAAAkAAABEbXNfcmVmPTY2OTdBMWppOWxoSUoyQkZGVm5SVDJCbEhpdnNYQ3owa1ltcm9CenN4ZXRyMjZUZzlpc1JzM0h2NHFrVFkAAAAHAAAAAAAAAAMAAAACAAAAi2lkcz10YXNtaWdyYXRpb24wMTAuY2FydGVtYmVycGwuZGlzYWJsZW5vcmVmdW5kcy5kYWNvbnZlcnRlbmFibGVkLmVuYWJsZXNjYXJsZXR0bWV0YWRhdGE7aW1wPTZmOWY4MjkwLWE3M2QtNGFmOC05ZjNlLTQwNTRmZDBhMGZhNTtTRVNTSU9OUz0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAIAAABTQXBwaWQ9NWVjNzVhYTZlZTEzZDRiZDRmODImY3NyZmlkPTU1ZDcxZWI2NjhiN2Q1ZWNmOGMzMmViYTZlNjE1MTVmODE4ZWExMGFjNDAmRGF0YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
7680
polling_time
35000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOHTBHY2KE5J117W1CYAndtVOlmc/TGjF120dd15v49sKCevreY6O/rmDcr1rg8XJj+N4Iu43lIHosgrPhfxGMSecKChWYmL8lHHXP+jRMl725S0S0lF/Ns+95RkyXFh56yTdS5ziRvsAj1iO6QSwzEz2RnYeGAtxTUVIVCI6qKwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.109360896e+09
unknown2
AAAABAAAAAEAAAA5AAAAAgAAACgAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/cms/api/am/checkLoginState
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
watermark
426352781

Targets

- Target
  
  f0c21480a5ebde8ed2e9e91a1ad7e0a83419155aeeb36c1423a09c86becb62fb
- Size
  
  746KB
- MD5
  
  b79ac58a4abd87d445670ed97c0a4061
- SHA1
  
  7678e142c4d455a2861ef774f5706452af41d02d
- SHA256
  
  f0c21480a5ebde8ed2e9e91a1ad7e0a83419155aeeb36c1423a09c86becb62fb
- SHA512
  
  ec292db908ae43069bf208ac533fc934c45587a88ec832ac7faffb17177d6ce94ee4949b3c4b3286fb31becf1646b800f68d6ce74d7d2efb3c9769856bc504b6
Score

10^/10

cobaltstrike 426352781 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2