cobaltstrike

General

Target

6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
Size

360KB
Sample

221208-k99jjace2w
MD5

344d455e11aa6eda85d16e94159eaecc
SHA1

d45d68e70f4558593ab4c577ef6366e3922ea215
SHA256

6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
SHA512

860c0b3708ae6c324f4ea0fb46448c2cbfaf28758842fabd355c607ebde9cd041fff358b5dad4358c8b49b091a648ce76d7d16afa50d1b3304cf923decdb99f1
SSDEEP

6144:lkAWeL8yVhg7XElCu95nLPomKlLV7Gn+srTQ/R0JRhthPhwslKa+chY4knG8qad:geLzVzCyLdKlLV5mTQmlthJlKa+2knGi

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1700806454

C2

http://tileservice-weather.azureedge.net:443/en-au/livetile/front/

Attributes

access_type
512
beacon_type
2048
host
tileservice-weather.azureedge.net,/en-au/livetile/front/
http_header1
AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAABhDYWNoZS1Db250cm9sOiBtYXgtYWdlPTAAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAQAAAAJ0hvc3Q6IHRpbGVzZXJ2aWNlLXdlYXRoZXIuYXp1cmVlZGdlLm5ldAAAAAoAAAAyT3JpZ2luOiBodHRwczovL3RpbGUtc2VydmljZS13ZWF0aGVyLmF6dXJlZWRnZS5uZXQAAAAKAAAANFJlZmVyZXI6IGh0dHBzOi8vdGlsZS1zZXJ2aWNlLndlYXRoZXIubWljcm9zb2Z0LmNvbS8AAAAHAAAAAAAAAA0AAAABAAAADC80NS40MCw3Mi43MwAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAABhDYWNoZS1Db250cm9sOiBtYXgtYWdlPTAAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAQAAAAJ0hvc3Q6IHRpbGVzZXJ2aWNlLXdlYXRoZXIuYXp1cmVlZGdlLm5ldAAAAAoAAAAyT3JpZ2luOiBodHRwczovL3RpbGUtc2VydmljZS13ZWF0aGVyLmF6dXJlZWRnZS5uZXQAAAAKAAAANFJlZmVyZXI6IGh0dHBzOi8vdGlsZS1zZXJ2aWNlLndlYXRoZXIubWljcm9zb2Z0LmNvbS8AAAAJAAAACXJlZ2lvbj1DQQAAAAcAAAAAAAAADQAAAAUAAAAFYXBwaWQAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
17920
polling_time
3.6e+06
port_number
443
sc_process32
%windir%\syswow64\conhost.exe
sc_process64
%windir%\sysnative\conhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAJPF/mZit4nxvjWHmmU6yFh3uXFdS2ugK0W2z1i9ozrCTebMdOHPvdNUu+hIXXNSyf9WKfhXnJ00QnHTcMr9G3H475JXWflnmOOgJFOh70Zgr9WSxtnCBt2uYIjJ1oe4Xv0Zwft/jqpZsOl1M8m+wk4bCB+11Yz1tx7HaD4INdwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.187728128e+09
unknown2
AAAABAAAAAEAAAVkAAAAAgAAC8gAAAANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/en-CA/livetile/preinstall
user_agent
Microsoft-WebDAV-MiniRedir/10.0.19042
watermark
1700806454

Targets

- Target
  
  6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
- Size
  
  360KB
- MD5
  
  344d455e11aa6eda85d16e94159eaecc
- SHA1
  
  d45d68e70f4558593ab4c577ef6366e3922ea215
- SHA256
  
  6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
- SHA512
  
  860c0b3708ae6c324f4ea0fb46448c2cbfaf28758842fabd355c607ebde9cd041fff358b5dad4358c8b49b091a648ce76d7d16afa50d1b3304cf923decdb99f1
- SSDEEP
  
  6144:lkAWeL8yVhg7XElCu95nLPomKlLV7Gn+srTQ/R0JRhthPhwslKa+chY4knG8qad:geLzVzCyLdKlLV5mTQmlthJlKa+2knGi
Score

10^/10

cobaltstrike 1700806454 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2