cobaltstrike | 0147862a5fa89fb5ef5364a9feabbcdd75e9b92f591699be40d6038169c23204 | Triage

Sharing

General

Target

关于院检验科检验规范的最新调整.zip
Size

83KB
Sample

220427-d3l2bsgfa5
MD5

709b6637380f6ac0dffb5ca75316adbc
SHA1

13a33868a4225ac06514d38fa1ff3dc3fc680c44
SHA256

0147862a5fa89fb5ef5364a9feabbcdd75e9b92f591699be40d6038169c23204
SHA512

a571fd5a28a5af5df600f2e896a01744a5996f7a4ead610b2dc771443de8229314be230de7b82c37622f4c44739cb2b2f914f2c5347f9727b7b57f10af77a2e3

Score

10^/10

cobaltstrike 1 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1

C2

http://123.60.18.108:30443/api/groovy

http://dns1.azureedge.net:443/api/groovy

Attributes

access_type
512
beacon_type
2048
host
123.60.18.108,/api/groovy
http_header1
AAAABwAAAAAAAAANAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
3000
port_number
30443
sc_process32
%windir%\syswow64\WerFault.exe
sc_process64
%windir%\sysnative\WerFault.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3b39SnP1TTYFQKz0qNc+NrRuTaNRPDW8cnWXbaeiyCev7TcCKvHttZh8HlISzuRnsL6drAE577XZ6KzcA4UG/KBbpw2ca/+qxH5RGSeaM2WmTXULt4/a0qVI8vq9MOJ04dJJ9zLl7KBBhb6WtJMS/NHS/VF12XsNVc6XDhI043wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.700074752e+09
unknown2
AAAABAAAAAEAAAAIAAAAAgAAAAUAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/package
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
watermark
1

Targets

- Target
  
  关于院检验科检验规范的最新调整.exe
- Size
  
  144KB
- MD5
  
  62c85007c27a163f00fdfdb82bb95b7a
- SHA1
  
  47438c43b13b6ffb518d1343c7fb74cf46e86f1d
- SHA256
  
  281f7edc9ed294b8a1589b8377edc747aaa6ebdaf173dadc96e12c77e7a7a4b3
- SHA512
  
  77a7659847a8ae0f5f2515adcdfe229fe48e860e53bb4896e15d0ab38388412ef906b755f443bb94d89032f47ef3c81ced2c240334c2c07d234b9c8db8d8bd6c
Score

10^/10

cobaltstrike 1 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrike1backdoortrojan

behavioral2

cobaltstrike1backdoortrojan