cobaltstrike

General

Target

24d99ba5654cdf31141c66fd9417b7e0.bin
Size

187KB
Sample

230321-bgnlxsab21
MD5

e8454eb9f1d30c80ba454daf74a3d514
SHA1

ffe8d21dc375e928788b855ebae5ee9fff879793
SHA256

e50319ebac93c086dc4b6d187319d00f37180b8989ebd0c25b2999713d3eafb8
SHA512

29c5d65b7e29488b1531681f9b2c269f43098bb681cf16a5bb9c7033766499773943de13ee837f949acfffbd83dd006ffe89dd464388956d3cc4a95aeedd08ac
SSDEEP

3072:Ak2erbb9FdMHzFbpD837XVLGhe6lFkH74y3LDR2N4OEwCkPBZ1PduI9kThO0:lJMHYxSU74y3LDR2Neudk80

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://120.79.181.138:443/pixel

Attributes

access_type
512
beacon_type
2048
host
120.79.181.138,/pixel
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5q7MB/tbUnzXSL7Zy+R/NrXBsv04yMfdAg46oqaulvNUOMYgsS/FPmKLLTw6knGLWSaH9+NVc0VkhsAjKhzjWIlVJqCoTZYIVu8CKnF/rDxYpmYjmqqd8EBIIxq3QuVWd6z7xYx7AZh1RDlecuKLPtX3fn6p9Wud81SEPl0wlyQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
watermark
1359593325

Targets

- Target
  
  b9321c27be4295c15d7f92fafc20d7ccac5f21204b79ebc2fed583dda0197cf9.bin
- Size
  
  219KB
- MD5
  
  24d99ba5654cdf31141c66fd9417b7e0
- SHA1
  
  0e06aedf5b25cf248131c9eff5a331f4bb1fcb67
- SHA256
  
  b9321c27be4295c15d7f92fafc20d7ccac5f21204b79ebc2fed583dda0197cf9
- SHA512
  
  351e8c078595d1c829385d0bfbeb2560dd62fa063645e40593ba63af8862fc90bbd24438aebb0fb952cb78bf80b91ea35dbabdc91d760fd69c7f188e45075872
- SSDEEP
  
  6144:c8X2sNEFy+HVJbny+lgzgeFgUQI9aiGynMOyX:T3NEFy8VJO+GTFgUzaL6MO+
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2