cobaltstrike | ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77 | Triage

Submit
Reports

Overview

overview

Static

static

ed89687fb1...77.exe

windows7_x64

ed89687fb1...77.exe

windows10-2004_x64

Sharing

General

Target

ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77
Size

18.8MB
Sample

220708-y35hwsfddn
MD5

b10b89d74fc2a229b6bfec1ffc9bfd58
SHA1

ceafab7ef62186130319856ea13f9abab441f404
SHA256

ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77
SHA512

e17b73fc55655e636c45da56e3d44d84511b15c05f16498d60dc66d9bf959e7a08f15ab8a93144db43e2d3bd934a2e62070d628999b779a692322a0893199d51

Score

10^/10

cobaltstrike 0 backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77.exe

Resource

win7-20220414-en

cobaltstrike 0 backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77.exe

Resource

win10v2004-20220414-en

cobaltstrike 0 backdoor trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://45.158.34.4:3333/updates.rss

Attributes

access_type
512
host
45.158.34.4,/updates.rss
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
3333
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0LOHj9EjO5Z4KeaJZ6CMEDBaj51k0j3QNJJarlrcvVIrg0AVNZMsNp1AqgA/F56eUHpUpEu0q8bNSWa+iGRx8jY42Qk8TPBxLMh+g6xZHYNMPuCjA1wC9J8j0AtT1VrzLPkoMUapG2j1jSL60EINLtDWxiFfwiva+PPfG8kaqcQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS)
watermark
0

Targets

- Target
  
  ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77
- Size
  
  18.8MB
- MD5
  
  b10b89d74fc2a229b6bfec1ffc9bfd58
- SHA1
  
  ceafab7ef62186130319856ea13f9abab441f404
- SHA256
  
  ed89687fb1cf814248a1ddbf71a59debcbab78baad916199f95aff960ef7df77
- SHA512
  
  e17b73fc55655e636c45da56e3d44d84511b15c05f16498d60dc66d9bf959e7a08f15ab8a93144db43e2d3bd934a2e62070d628999b779a692322a0893199d51
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrike0backdoortrojan

behavioral2

cobaltstrike0backdoortrojan

© 2018-2024

Terms | Privacy