cobaltstrike | 66142e40bbf3e3c6a0920575d0b1a183552743eb228703dcba505c680ad46c5d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
04-07-2022 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66142e40bbf3e3c6a0920575d0b1a183552743eb228703dcba505c680ad46c5d.exe
Size

255KB
MD5

f092c0582f46c59c3290069e08a83d41
SHA1

aed0e4321dbe88ce550fdbbc4ab186bf4a15bb13
SHA256

66142e40bbf3e3c6a0920575d0b1a183552743eb228703dcba505c680ad46c5d
SHA512

afb17f5f74118f51aa37960667ec672ffea97ac133dade151d1afe85c9986ae32c5cfff481d10bed580e80955645190b9e728b69c5b49b85c2e5fd8a5e510bb2

Score

10^/10

cobaltstrike 0 backdoor suricata trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://service-4yjfwqks-1253795072.gz.apigw.tencentcs.com:443/api/auth/v1/log

Attributes

access_type
512
beacon_type
2048
dns_idle
1.920103026e+09
dns_sleep
2.281701376e+09
host
service-4yjfwqks-1253795072.gz.apigw.tencentcs.com,/api/auth/v1/log
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAJUFjY2VwdC1MYW5ndWFnZTogZW4tR0I7cT0wLjksICo7cT0wLjcAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
9984
maxdns
245
polling_time
18016
port_number
443
sc_process32
%windir%\syswow64\runonce.exe
sc_process64
%windir%\sysnative\runonce.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRJx2dZzc8GWRj2VvEujfnfFVhZn88+m4KPljoyJ1SbwVUn4KaJ6PZnk24CMnk5QixLh/TOp78O4Gl+BGB27OybgdKnFqXt26CkphO+mx+w0o/GRGWIN3zjNlGVLbJsXglO5NDo/mMQwoNn8SPbm5FcFdAsJWWb+7zS1RVhphdWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/baidu/auth
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
watermark
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
suricata

C:\Users\Admin\AppData\Local\Temp\66142e40bbf3e3c6a0920575d0b1a183552743eb228703dcba505c680ad46c5d.exe
"C:\Users\Admin\AppData\Local\Temp\66142e40bbf3e3c6a0920575d0b1a183552743eb228703dcba505c680ad46c5d.exe"
1⤵
PID:4736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4736-130-0x0000000002F80000-0x0000000002FFE000-memory.dmp

Filesize
504KB

Download
memory/4736-131-0x0000000002B80000-0x0000000002F80000-memory.dmp

Filesize
4.0MB

Download
memory/4736-132-0x0000000002F80000-0x0000000002FFE000-memory.dmp

Filesize
504KB

Download
memory/4736-133-0x0000000002B80000-0x0000000002F80000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads