cobaltstrike

General

Target

2d3bd5579f6a54cac49a26142f2d4de1.exe
Size

157KB
Sample

221108-rnzwjaddfk
MD5

2d3bd5579f6a54cac49a26142f2d4de1
SHA1

96ed99c2f0ac2896369221fd9539847088f4abe5
SHA256

0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130
SHA512

a6838c24b52b29fb75265c72fde547737ebd14a915af34e7ff40cc81ba0dcf6c3c1960c5749f3686582b28a780e158748a424be3b4703f9c1d0f40d46582ed44
SSDEEP

3072:SEoWpC7otJ4rI2+vx6WF8kOuR+zsPKJRA5keJVMqK1PghFwFWxdUZT+fZwGW/:rz1tJvvx6Wik9R+mJPKlOwMnBfZq

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://101.34.93.112:4443/api/x

Attributes

access_type
512
beacon_type
2048
host
101.34.93.112,/api/x
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
1000
port_number
4443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCls+Ts7vDp4PueIMmI6SDvQ/M7pxZ8qLWXmiSlf0cUeLuVdVtbeotiukVWt/D3khxce0MxMUPjMwbfYljwM/3qyzGjuOsyxb5ySAOjPJ1oOJs2ZR7jcuLMpUqsrBssfyHW2rTkqbGvJrWnHTVK9hn1+XA890Kkr4R+QOLh7Cu3zQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/y
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
watermark
1359593325

Targets

- Target
  
  2d3bd5579f6a54cac49a26142f2d4de1.exe
- Size
  
  157KB
- MD5
  
  2d3bd5579f6a54cac49a26142f2d4de1
- SHA1
  
  96ed99c2f0ac2896369221fd9539847088f4abe5
- SHA256
  
  0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130
- SHA512
  
  a6838c24b52b29fb75265c72fde547737ebd14a915af34e7ff40cc81ba0dcf6c3c1960c5749f3686582b28a780e158748a424be3b4703f9c1d0f40d46582ed44
- SSDEEP
  
  3072:SEoWpC7otJ4rI2+vx6WF8kOuR+zsPKJRA5keJVMqK1PghFwFWxdUZT+fZwGW/:rz1tJvvx6Wik9R+mJPKlOwMnBfZq
Score

10^/10

cobaltstrike 1359593325 backdoor trojan upx
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

UPX packed file

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2