cobaltstrike

General

Target

02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b_1.zip
Size

300KB
Sample

221208-z35pbsee5t
MD5

099140dd13a875b65940c5a548b25fe5
SHA1

a42c4b6b0aa450618be5b487e4c8724073e8e04c
SHA256

733b375876754c1b7aab1da2f22a4946ec835f303785dd7785372f1cf1c31375
SHA512

7ee02431ec942b5ba1cf4af02766235e62de18c4f56b46725ae0cb1017efd361c607a2b98ad81447c8bb53ae0e67731efe54aae465279f09347d065b1d9b86b4
SSDEEP

6144:s3hZbcHywRVEnLCJiwZ3OwjTrayvNGx4an7fR9+UAGWoz/m6CwtZO8ArGPmruzrW:s3hpcjRVSaiwZeuTrPvNCBn7nZAg5z6h

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://43.139.215.184:80/js/components/content-info-b0c0e5245b.js

Attributes

access_type
512
host
43.139.215.184,/js/components/content-info-b0c0e5245b.js
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAABMQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOCx6aC1UVztxPTAuNyx6aC1ISztxPTAuNSxlbi1VUztxPTAuMyxlbjtxPTAuMgAAAAoAAAAfWC1Gb3J3YXJkZWQtRm9yOiAyMjAuMTgxLjM4LjI1MQAAAAcAAAAAAAAAAwAAAAIAAABDaHR0cHM6Ly9iYWlkdS5jb20vaG9tZS94bWFuL2RhdGEvdGlwc3BsdXNsaXN0P2luZGV4dHlwZT0xJl9fY2ZkdWlkPQAAAAYAAAAHUmVmZXJlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAABMQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOCx6aC1UVztxPTAuNyx6aC1ISztxPTAuNSxlbi1VUztxPTAuMyxlbjtxPTAuMgAAAAoAAAAfWC1Gb3J3YXJkZWQtRm9yOiAyMjAuMTgxLjM4LjI1MQAAAAcAAAAAAAAAAwAAAAIAAABDaHR0cHM6Ly9iYWlkdS5jb20vaG9tZS94bWFuL2RhdGEvdGlwc3BsdXNsaXN0P2luZGV4dHlwZT0xJl9fY2ZkdWlkPQAAAAYAAAAHUmVmZXJlcgAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
15360
polling_time
12000
port_number
80
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJm1P3lTd3ygHulswJL4tajEl2XHAmjfIKdoZglWZIQx3gRex7B4DAGNGAyJhPYtciPl2sZyXyOU7cMUPguaLvneN3qDam4/eu+THXQ2gut5l+tYDr6jnxm1mDELT0CllhhHPtsitGkw95nUQ1Mws0zg6MjCW/4kOCxDoiTQLLMQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.24495488e+09
unknown2
AAAABAAAAAEAAAXeAAAAAgAAADkAAAACAAAPTwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/js/super_load-9f784471ea.js
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0.0)
watermark
100000000

Targets

- Target
  
  02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b
- Size
  
  579KB
- MD5
  
  b34dc607e183d28d55aa318a0cf8fb9c
- SHA1
  
  565c44d8f5e57522bad350dff54a60fde6b20ab9
- SHA256
  
  02eca3440338a1bc8f2396959550b11c3ae000571a43efd0a2ad2db29b57196b
- SHA512
  
  0f6b8a8ed0e42c836d43da2a69e9f83e232229cb9dacc72d1d100b7ed009f8c90732853287506243da6f88475387277dcc95173723d2bb8fc3d38a4d1462c846
- SSDEEP
  
  12288:aEUBvgWW5m71Op55otLKS5s/bqnseuZWz3USm:yBvZW5m5g55oLabqnse/jl
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2