cobaltstrike | cobaltstrike[.]payload-disk

Sharing

Copy URL Twitter E-mail

General

Target

cobaltstrike.payload-disk
Size

270KB
MD5

80718a3748ab51e3a4f5979f656c0bd2
SHA1

daec955577ee542a5afe030ab0a6d41aca5d8ddb
SHA256

b0e39ff115701fddc84697858fce14a67afe2de8ad07b9486d9bfc6dd006b665
SHA512

4c83766028cac9d51c6d1fbbece61e54f0080eff5e883cce3b577b16446476905a4299080f7795fa4bb0fa29e4075f1bbf025c8d02a0e23aaaf6e79ccc065378
SSDEEP

3072:PzbINhWl+CIbfqqEVxGsfDCJS4l9JTFyG+JteEzCnL7zuGIkfhUYJF6vzWRrKer:PzbUxsfDCvT4ZTXzCLNIk5U0rKM

Score

10^/10

987654321 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

987654321

http://45.12.253.139:443/an.js

Attributes

access_type
512
beacon_type
2048
host
45.12.253.139,/an.js
http_header1
AAAAEAAAABpIb3N0OiBidXNpbmVzc3NlcnZpY2VzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAE0FjY2VwdC1FbmNvZGluZzogYnIAAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tVVMAAAAHAAAAAAAAAA0AAAADAAAAAgAAABp3b29jb21tZXJjZV9pdGVtc19pbl9jYXJ0PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABpIb3N0OiBidXNpbmVzc3NlcnZpY2VzLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGUFjY2VwdC1FbmNvZGluZzogZ3ppcCwgYnIAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAANAAAAAwAAAAIAAAAIZGV0YWlscz0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
55991
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMEuNG3asVOp+bgSmSog10bB55R9e+aj5dF2sVbnRjA/dTkltRdDD0DdF5vJh/gURBikZ4FxqqmfqR2SPAheOzDDrYvV7ScpwPkZe8IUd/DbJmPs30ST9SGHn+eLjTQQEU+I142t7yTsO7HCKf1CTDMHfS3PNoz3V8ivNRwL1aiQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
9.63976192e+08
unknown2
AAAABAAAAAIAAANxAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/ch
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/42.0.2311.135
watermark
987654321

Signatures

Cobaltstrike family
cobaltstrike

Files

cobaltstrike.payload-disk
.dll windows x64

c488ba021cef33743da510cb3a8e4eb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_SYSTEM

Imports

��

��
��
��
��
��
��
��
��
��
��
��=��
��
��
��
��
��
��
��
��+��
��+��
��
��
��
��
��p
��`��Â��
��Â��
��
��
��
��
��
��񐭢��
��񅪱��񍦻��
��񍦻��
��
��
��'��À��
��À��
��
��Ï��È
��È
��
��
��
��
��n��
��
��
��Z��
��
��f��
��
��
��Û��
��
��񅪱��
��񍦻��
��
��
��
��i��Z��
��
��
��
��
��]��
��4��]��
��4��]��
��
��
��
��É
��É
��Y��É
��
��
��
��
��
��
��ô��
��e��ô��
��
��
��
��
��a��
��Ï
��
��
��
��
��
��
��
��Ì��
��
��
��
��
��Á
��
��
��
��
��
��
��à��
�� à��
��x�� à��
��x�� à��
��
��
��L��
��
��
��
��À��Ì��
��Ì��
��Ì��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��j��
��j��
��j��
��
��
��
��
��
��ð
��
��
��
��
��
��É��
��Ð��É��
��
��
��
��
��d��
��~
��
��{
��s��{
��Ö��s��{
��

��6

��
��q
��
��
��
��
��W
��
��
��
��
��k

��

ord15
ord52
ord23
ord19
ord4
ord10
��
ord116
ord115
ord3
ord14
ord9
ord8
ord16
ord22
ord111
ord151
ord1
ord2
ord11
ord13
ord17
ord18
ord20
��

Exports

Exports

CablePlatform

Sections

��
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 17KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

c488ba021cef33743da510cb3a8e4eb4

Headers

DLL Characteristics

File Characteristics

Imports

�������������

������������6

�����������

Exports

Exports

Sections

������ Size: 176KB - Virtual size: 176KB

������� Size: 63KB - Virtual size: 62KB

������ Size: 17KB - Virtual size: 60KB

������� Size: 8KB - Virtual size: 8KB

������� Size: 4KB - Virtual size: 3KB

��

��6

��

��
Size: 176KB - Virtual size: 176KB

��
Size: 63KB - Virtual size: 62KB

��
Size: 17KB - Virtual size: 60KB

��
Size: 8KB - Virtual size: 8KB

��
Size: 4KB - Virtual size: 3KB