cobaltstrike

General

Target

04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.zip
Size

187KB
Sample

230321-rw6ztaba67
MD5

d98b5d419c353070629f8baf9e2ea577
SHA1

b1c7e98f520184ee0efb87ff6a9252e045f0d002
SHA256

20f46e76101629bfd1b713bd68ba261dd3e0e6d787bbf5481e273077fb383186
SHA512

f82b72f02b41d25fc6b2b68930f694185975bcfa5a002459d9603b94700dfc157346506ac89709009e744a88fc8d41c9960f3b99c6b6c718b345fb4130c04301
SSDEEP

3072:zy73TXEA8bivDkRuHZiquH1BbtOPP5Ib+P5cHQ9khA51/vsTJuHu:O7IdivKqivHDtOjEQmA51/vsTIO

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1530709612

C2

http://10.10.5.39:443/___utm.gif

http://10.10.5.246:443/___utm.gif

Attributes

access_type
512
beacon_type
2048
host
10.10.5.39,/___utm.gif,10.10.5.246,/___utm.gif
http_header1
AAAACQAAABJ1dG1hYz1VQS0yMjAyNjA0LTIAAAAJAAAAB3V0bWNuPTEAAAAJAAAAEHV0bWNzPUlTTy04ODU5LTEAAAAJAAAAD3V0bXNyPTEyODB4MTAyNAAAAAkAAAAMdXRtc2M9MzItYml0AAAACQAAAAt1dG11bD1lbi1VUwAAAAcAAAAAAAAADQAAAAIAAAAGX191dG1hAAAABQAAAAV1dG1jYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAABwAAAAAAAAACAAAABlVBLTIyMAAAAAEAAAACLTIAAAAFAAAABXV0bWFjAAAACQAAAAd1dG1jbj0xAAAACQAAABB1dG1jcz1JU08tODg1OS0xAAAACQAAAA91dG1zcj0xMjgweDEwMjQAAAAJAAAADHV0bXNjPTMyLWJpdAAAAAkAAAALdXRtdWw9ZW4tVVMAAAAHAAAAAQAAAA0AAAACAAAABl9fdXRtYQAAAAUAAAAFdXRtY2MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
GET
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYRk7aiOwUEkTn6tyrUx6KT1EYovdepy7UKvbsWSeToWgfuSGybTrHa3ZUO9IXmi3gQkQqzGBSHXE8S59bLI+X+TNcAS1jEYPnHueMYo5Gdkguj3sxQn/a4OyN7Oc58rNvYD2bRBpuri3wEBarONFz5cKNYjeaH7+N3YgmuYskwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
6.71092736e+08
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/__utm.gif
user_agent
Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
watermark
1530709612

Targets

- Target
  
  04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
- Size
  
  319KB
- MD5
  
  d438f4f0cd9de5f51b8ff401e51d7fae
- SHA1
  
  fa92e51cace0da018119a3f95e0648e6e33f288e
- SHA256
  
  04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d
- SHA512
  
  47d03bc3b27754af305e16dad163fa8cf49ad232547fc350a01cc73037b2403dce73b92e24e72e78c7141771d58f78873ad3c375522ac03c6691fd018fd54615
- SSDEEP
  
  6144:6HwGL86EIUdKVy9Dwxdms4yAzFaFdtkBYYYYwYYYYYYYYYYYYYYYvPAYYzEKUo01:Cwv6NU3qopVYdm5t3
Score

10^/10

cobaltstrike 1530709612 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2