cobaltstrike

General

Target

6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
Size

306KB
Sample

220819-j5wlfaddf8
MD5

19ee03c191cd16a5466e15099b318526
SHA1

23a232fc5d590c17b562c0970eab0b4097ee490b
SHA256

6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
SHA512

261760526afc1d53f5bcd17e99abfec41d8f9723323b39860ec676328a27bc7938da82b0d92adf40a9442e0595804b6dddf71ca7bf9f0d3d35703cb44b174dfe
SSDEEP

6144:dfXiliZA5BRDSOmfaD3pJLDZZSWkf8Il6ZRhZ:tXK6OmfqHHbSWG8IlkbZ

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://fuckersss6al9.b0.aicdn.com:80/owa/

http://nm.aicdn.com:80/owa/

http://fuckersss6al9.b1.aicdn.com:80/owa/

Attributes

access_type
512
host
fuckersss6al9.b0.aicdn.com,/owa/,nm.aicdn.com,/owa/,fuckersss6al9.b1.aicdn.com,/owa/
http_header1
AAAAEAAAABpIb3N0OiB3d3cub3V0bG9vay5saXZlLmNvbQAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAhkNvb2tpZTogTWljcm9zb2Z0QXBwbGljYXRpb25zVGVsZW1ldHJ5RGV2aWNlSWQ9OTVjMThkOC00ZGNlOTg1NDtDbGllbnRJZD0xQzBGNkM1RDkxMEY5O01TUEF1dGg9M0VrQWpES2pJO3hpZD03MzBiZjc7d2xhNDI9WkcweU16QTJLakVzAAAABwAAAAAAAAANAAAABQAAAAJ3YQAAAAkAAAAOcGF0aD0vY2FsZW5kYXIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABpIb3N0OiB3d3cub3V0bG9vay5saXZlLmNvbQAAAAoAAAALQWNjZXB0OiAqLyoAAAAHAAAAAQAAAA0AAAAFAAAAAndhAAAABwAAAAAAAAANAAAAAgAAAAZ3bGE0Mj0AAAACAAAAC3hpZD03MzBiZjc7AAAAAgAAABJNU1BBdXRoPTNFa0FqREtqSTsAAAACAAAAF0NsaWVudElkPTFDMEY2QzVEOTEwRjk7AAAAAgAAADhNaWNyb3NvZnRBcHBsaWNhdGlvbnNUZWxlbWV0cnlEZXZpY2VJZD05NWMxOGQ4LTRkY2U5ODU0OwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
GET
jitter
7680
polling_time
5000
port_number
80
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgwZtr5WmRWGqXa6bxdqQDUmj+XU+vA4zK2b7Nfzq4qy143458ufxXidOMjoSLVP3BqyJgWamd0KYY7Yt3bDmFbWashi7f+OYdWpDNixd5AvcGOOzQhShEZ/0Uz8CG/gc99swyssnxs0YBg9Hka4Wh0ufxO89KSApuLegLE5i1/QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/OWA/
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
watermark
1359593325

Targets

- Target
  
  6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
- Size
  
  306KB
- MD5
  
  19ee03c191cd16a5466e15099b318526
- SHA1
  
  23a232fc5d590c17b562c0970eab0b4097ee490b
- SHA256
  
  6625f7f63006c40b0d8636534f5bf28ae4d294effa2765516afa0bd72b52f03d
- SHA512
  
  261760526afc1d53f5bcd17e99abfec41d8f9723323b39860ec676328a27bc7938da82b0d92adf40a9442e0595804b6dddf71ca7bf9f0d3d35703cb44b174dfe
- SSDEEP
  
  6144:dfXiliZA5BRDSOmfaD3pJLDZZSWkf8Il6ZRhZ:tXK6OmfqHHbSWG8IlkbZ
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2