cobaltstrike

General

Target

a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95.zip
Size

7KB
Sample

221101-m81w4sbca5
MD5

73583b7bb0f1759674c792a8a0383140
SHA1

e0ffd1f22047394ef4a1f82fabc4b50673f843c7
SHA256

cd653e8f498ed4c005eef4d71498db063e7f4ffa75ed061a72707759989ec69d
SHA512

937e5f4b2149fe17e81045d03bc578da3af4a1f82ae7a774261db37f5ef0e0707a6ee4857e9ee9d8e8bdfb29ec1fb1ac1e77d6b92e494c961071a0e6036742aa
SSDEEP

192:zJDyn09Z3lYSuKPH12lyYbqL3ocjcuePgfXKpxzNUf5:zB9yKclyYbqL0u87xzNm5

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://rngupdatem.buzz:443/nv.js

Attributes

access_type
512
beacon_type
2048
host
rngupdatem.buzz,/nv.js
http_header1
AAAAEAAAABVIb3N0OiBybmd1cGRhdGVtLmJ1enoAAAAKAAAAPUFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjkAAAAKAAAAMGFjY2VwdC1sYW5ndWFnZTogcT0wLjgsZW4tR0I7cT0wLjcsZW4tVVM7cT0wLjkuNwAAAAkAAAAJZm9ybWF0PWpzAAAABwAAAAAAAAALAAAAAwAAAAIAAAAad29vY29tbWVyY2VfaXRlbXNfaW5fY2FydD0AAAAGAAAABkNvb2tpZQAAAAkAAAAMZWNob3N0cj10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABVIb3N0OiBybmd1cGRhdGVtLmJ1enoAAAAKAAAAPUFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjkAAAAKAAAAMGFjY2VwdC1sYW5ndWFnZTogcT0wLjgsZW4tR0I7cT0wLjcsZW4tVVM7cT0wLjkuNwAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAALAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
30000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpm3c7f2r8xUL9lc4ewj3q8vb7xa6mlqAaNLbJwSsTQOhTd6+t0JxpYvt5FisffawQiZstQ0ZMJYMuGL/kyXzNRPwRASIATmocdHDz1fsYga6Tzx4tWSAh8IJshSG9PqxUqX6dsq39V3+IGoTpi44BrMY09ODUUv+ASppbaDGEFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.272630272e+09
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/en
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Edg/99.0.1140.31
watermark
1359593325

Targets

- Target
  
  a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95.exe
- Size
  
  21KB
- MD5
  
  ff9e3c1137ebd473823c19a66ee8ca61
- SHA1
  
  151e1c8b63e0c39870b1dd84a537941b199a103f
- SHA256
  
  a3bad5dc407e91902f7f5f2b49f7e4cfa2d9387638723fbe7e94e0e93dce0f95
- SHA512
  
  eb84318c7fda81559183193ccb68fb61ea36b73fe30985b94b93ba28016670560fd4cc7344d7dd00ffb3480e2d02f912f6ff6f29a9405a464852bc3fce8c549d
- SSDEEP
  
  384:fx3V1yp0MZont1Bvytm2BJL3YpbwrNcq:ftunw1BvyL3Y1Sp
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2