cobaltstrike

General

Target

80496931575d32f8839b054ee7fad55f.js.vir
Size

868KB
Sample

230317-pjptnagb64
MD5

80496931575d32f8839b054ee7fad55f
SHA1

b70e302e4065651d0834900c752b3f681ebd87d2
SHA256

f7e7bb0a337c10e1ccb7e01af4d0ad48825214b7c945aaa0a38237d9c4df45ee
SHA512

fd79c583de2de0286350cd3c6af2a219f40b348a96f237b56755e5fc54223a2c5c56cc1da128da54f92634b13d14e1ef023eedd9634eca176ee795150f090705
SSDEEP

12288:nGuFsIiqQzWzs1BSuBq+tkIvEVCW9Y3JoZW2hFM8GJdn+V6Vl4qbMDQ7V:GLXcs1A+sCW23J1f

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://chidao.icu:8443/image/

Attributes

access_type
512
beacon_type
2048
host
chidao.icu,/image/
http_header1
AAAACgAAAEhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKmw7cT0wLjgAAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAABAAAAARSG9zdDogbGF4c3RvcmUuZ3EAAAAKAAAAEFByYWdtYTogbm8tY2FjaGUAAAAKAAAAF0NhY2hlLUNvbnRyb2w6IG5vLWNhY2hlAAAABwAAAAAAAAAIAAAAAQAAAAQuanBnAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAAEAAAABFIb3N0OiBsYXhzdG9yZS5ncQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAsAAAABAAAABC5wbmcAAAAMAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
8443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmOWIfmsFlSaN08WbrXhqAUnE0QmgKzc114UH02A/cZNu9XBcBIf3gJ63j7++TAbdMd+qE3rdZw/CwmlXOCBrfx7cxpKKQY1/kA0NVmS8AVcryjkT6cSxdF5Ehe4DMMtLDP2GHIvt+r4587MArJnEThLp/UScK/KwXHYMAzkcTuwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/email/
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)
watermark
100000

Targets

- Target
  
  80496931575d32f8839b054ee7fad55f.js.vir
- Size
  
  868KB
- MD5
  
  80496931575d32f8839b054ee7fad55f
- SHA1
  
  b70e302e4065651d0834900c752b3f681ebd87d2
- SHA256
  
  f7e7bb0a337c10e1ccb7e01af4d0ad48825214b7c945aaa0a38237d9c4df45ee
- SHA512
  
  fd79c583de2de0286350cd3c6af2a219f40b348a96f237b56755e5fc54223a2c5c56cc1da128da54f92634b13d14e1ef023eedd9634eca176ee795150f090705
- SSDEEP
  
  12288:nGuFsIiqQzWzs1BSuBq+tkIvEVCW9Y3JoZW2hFM8GJdn+V6Vl4qbMDQ7V:GLXcs1A+sCW23J1f
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2