cobaltstrike | 8c2a7ddd3df7bf22b0e8d38ad9497b6e2d2eacf820316f5185663bdc73106b8e

Sharing

Copy URL

Twitter E-mail

General

Target

AMON-Eye.zip
Size

70.9MB
Sample

230324-af98vsda3z
MD5

59f1014abbf5670b66986a3088dd6a8c
SHA1

c0df4ddf5485485b284bff4993c85fd8413f8aca
SHA256

8c2a7ddd3df7bf22b0e8d38ad9497b6e2d2eacf820316f5185663bdc73106b8e
SHA512

8458bc5b8b061e16c3f03a07bb00f60f7f46c9646d765403b484eb0ac4f412ea75cea2c36e5714f2b8cef7ae70a751fd13c86ab3f43a1b080f7ee80535584c72
SSDEEP

1572864:whKsDyW9sN7TRQtYxbKfy75edt+Ky2YG+xOq5FQBfev40K2tmr:wBDfsxTRQC375edt+Ky26xcWQ0rtc

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

http://:4444YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

http://M1�H��H��H��H��A��H��jAXL��H��A��7g��H1�H��A��8��M1�H1�H��A�t�;��H��H��A�unMa��H�Ġ:1220708680M1�H1�H��A�t�;��H��H��A�unMa��H�Ġ

http://M1�H��H��H��H��A��H��jAXL��H��A��ta��H��@:1220708680H��M1�jAXH��A��_��H�� ^��j@AYh

Attributes

user_agent
h

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

127.0.0.1:4444

Extracted

Family

metasploit

Version

metasploit_stager

127.0.0.1:4444

Targets

- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/components/stageblock.py
- Size
  
  3KB
- MD5
  
  3e7dda95094fce3ed316220a5ce9eb0b
- SHA1
  
  f6ebf2e3594669e915c08fa07dfcefa1f7f1de7e
- SHA256
  
  d9bc8eb914eda5c35496719af8a2a104684057c1bd311ddae927dce837acfce0
- SHA512
  
  1f198abc0ee2479adb85dbc1af19e34e541f53bcf3656ebd99d9da8b0a1571b5ea4a186e58f8550125dcbf043a47b8719944cb4c5833901ce0a0217de6c2ac22
Score

3^/10
behavioral1 behavioral2
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerclient.py
- Size
  
  2KB
- MD5
  
  20bbef826ab9bb86cf5bbc1db856199c
- SHA1
  
  d805eb13fc3b1b5167207513ed0b19e3f7c70b19
- SHA256
  
  723eaaa41d3c66b892036dd04ea82cd64ab29f26bb367632eceb92df42b3eee6
- SHA512
  
  15342ebbdff6d8f99e3ff2c24c67b8f14fcde2b2a0b1cbc22ccc18b6fbece6219a087b7e4a5ce269e54f60ca4ba9c9b4eef94d23f311cf1b60600d3d2523a860
Score

3^/10
behavioral3 behavioral4
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerserver.py
- Size
  
  2KB
- MD5
  
  1329e047df58fcbb9b1c3fd0e2cf4d6a
- SHA1
  
  f5016e993fc94af873305765a2482241fbbcfddf
- SHA256
  
  61220022fc5c41e23f15e5ad6b6b8103f558ce217be1043f0db9f8bdef221eb3
- SHA512
  
  65ab1bc1e9ac29e921ca13fb797fa944665d05b1df42bc4be55d19d8b9f3b4a6a060dc3a9c7c7554e32eb9893f997351955c0cb48ca7e90b608232734d40af03
Score

3^/10
behavioral5 behavioral6
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/dns.py
- Size
  
  479B
- MD5
  
  db74582b6d6a919f6036e8b4d0b5a220
- SHA1
  
  be663085876d2c070e76a79232072254d3de799d
- SHA256
  
  583f9edc35c64bd71a08142eefb5cec3582a0765cb8a8a9211d88006dba561db
- SHA512
  
  6c17fb62ceef6b651b715e0d2a302bd50bf1f8f9081c3d44ff70fa9c942692821606595401bed0c53fdc71352e0fabae47b9bb7aa87977863f25192aee083ed5
Score

3^/10
behavioral7 behavioral8
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/file_type_prepend.py
- Size
  
  8KB
- MD5
  
  76f6fa579d20d17569ad6ea776e0b2ee
- SHA1
  
  a67218f3e316bbee4d3bbab722272421e58a8419
- SHA256
  
  c0d33e28a88db38571cadc37e740a6167cb38e992880004b6287296a01b1b0e8
- SHA512
  
  c9103985ed32ec040678b099193f521ac569b2dcc6d7109c9e996652b5a4ab59c1c63678f928465579f7e7cb308b91ed978b317d2b67e55b08df701b591095ff
- SSDEEP
  
  96:uQLps+jfc6Lj9lQ8g3cXjwwgHyRgtySsqYhxR0DXenmmKWuEomKWuEqPoFulFTjR:uqpK6Lj9WLGgYSVYTNnmmEmWl9FD1
Score

3^/10
behavioral10 behavioral9
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/params.py
- Size
  
  2KB
- MD5
  
  e3330966a9726fd05e22144db3750a96
- SHA1
  
  5be11c99872d9a09cda3708cdb049482e5bd159b
- SHA256
  
  9e32a486fc3a79b5640bc934a10092e6540c11a6ce02dde064d999cd98ce1394
- SHA512
  
  71654f98d841965f5b5a64de7ebb7da21a0c6b592809d27e8a65bd4a00967fd0244f9c28e93c0a14873f308a0c6f72635f5a676edbe268d77c36c6d529ba4d04
Score

3^/10
behavioral11 behavioral12
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/post_ex.py
- Size
  
  281B
- MD5
  
  027889ea4cf8c2db69ad51879a1a597f
- SHA1
  
  05f59a51c78409561ca49eb88e038e18f1b088a9
- SHA256
  
  4d5ac5e7c2909532858300f608dc213d481988e072c8a9b81eb96d83512186a1
- SHA512
  
  c805955db6fa268b5fcd01c97b2803ba7a02d4cae4cbc3fa346496c6842126d60c1046c0355b44877dfbd008d0ca850cadd2ec3fbd33e2d5a6b355e32aabc44a
Score

3^/10
behavioral13 behavioral14
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/reg_headers.py
- Size
  
  2KB
- MD5
  
  8350383a637aced46cd32ccc885bea83
- SHA1
  
  57ae62e6858a16126d08040d27b3773e4a731072
- SHA256
  
  f23eb93a894baf621419c44452fb74163144419395503257f4730003d2aeb769
- SHA512
  
  6fa5f3da5cac021a580117cd43db50c196b90b5ddc8b44d4ac5fec94471fbb8945a4e2595998b53c3bcce1fb1e3d0a99021da611a877ec1696084c886771d5f1
Score

3^/10
behavioral15 behavioral16
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/smb.py
- Size
  
  403B
- MD5
  
  4402f2ea95fc7c0a0b7be934ac000fed
- SHA1
  
  88163c7d6ddde96a273e0d6180276d4e2dc8bba9
- SHA256
  
  061cfd64d9517e282e2236bcb7783b2b20fab659e589a84c010e200105489ff5
- SHA512
  
  306f31d7c3cdf2d139e4d2e6a17cc2f391675f054f7dc3d91c0872db33c9ec4e4d49a323dc6f3a8ca49e311230d62464a7226c6152b73008603de99e329eae5d
Score

3^/10
behavioral17 behavioral18
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/stage.py
- Size
  
  1013B
- MD5
  
  ea24c802179f5a4d8e58594a3377a573
- SHA1
  
  f58972e6a61763fa3225d6b3d64a2bd2a0117502
- SHA256
  
  d874ab48120be6f2d5c3b16407beea860d3cf4cb6081a7ec49e3e1782f883ab1
- SHA512
  
  ec320f817304a9c7921735e04c5ec16bb07a68fb611b936dbe9e861d5fef61e2fcadd5f43f5f071a34f0ef8f8e834d9d71675614775659d41a28800fb568c99c
Score

3^/10
behavioral19 behavioral20
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/transform.py
- Size
  
  316B
- MD5
  
  1a6a1655b55010deeef7044c802eb11c
- SHA1
  
  42fd88a8d356e8be076181ad1ae10b9b0e231acf
- SHA256
  
  73608dd176e3eca70e499f2828f99ff67112230b796bbb67fc285b9f522aa573
- SHA512
  
  6eee96410cd9aa170f889f9bef87394e8131511e7ccf03626458fad4a3eb8f8fa3d0e76373957171eda0029376882a44dd5fc0f0eb9f41c85d1607d50e5c6ba0
Score

3^/10
behavioral21 behavioral22
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/data/urls.py
- Size
  
  1KB
- MD5
  
  79d429e5ff21c52a4c4b2a57f2f6c100
- SHA1
  
  1473b0466547e948231a30812e4cd5830ee0c88c
- SHA256
  
  e3b9797ed49d6e3b53ec69dd2e7232767b871b865d419dbd364b1b92a8c58ad6
- SHA512
  
  a124d73abfb961734d8d2506c7e4cd3218d00118915f924e94abee04ecec47882eb6847a138f1e71a81148cdcc5126a249d20fac82cb7db48ee7ed3acaafd113
Score

3^/10
behavioral23 behavioral24
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh
- Size
  
  3KB
- MD5
  
  1a71fdcc4eaf4242c75e4b29d1ab33be
- SHA1
  
  d1876d0174bcb3b83e7b23e78ac3eea1c4a4fa0d
- SHA256
  
  8673414c782db143a1471073e49829783c4cde49cb24b65cfb245d16f02003d0
- SHA512
  
  ddaf9fa70ce71a2d7471a04e9f63fc7e9f9dc07d561cbab17890c73b2e68ba735fe463d5d54cbfd4958add25a0cb1473f5a8a796561ff45017ee5541c845ace4
Score

7^/10
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/helpers.py
- Size
  
  7KB
- MD5
  
  00c11fb1c1f1a22a12253098c26993f4
- SHA1
  
  87d01548a54cd17a67665ac7d3e1a94c0a8d1a40
- SHA256
  
  e170f25b0ca874c4b67baf68120c73bf8f33f8dd158183d809af492ef7fe0e1f
- SHA512
  
  07464f7036c67897168d6038fc0073c0c49858b47650b7a35f046dcf8346e6a0a1c72ab9e6f612ebde39acb338330705c91aab3271399e9613c10cedfc03fde6
- SSDEEP
  
  192:aE/x5nuA0IVL/ZN8MMaeKLFeWGwlhs3+1r:a2fziZ71WjIu
Score

3^/10
behavioral29 behavioral30
- Target
  
  AMON-Eye/C2-Profiles/concealer/C2concealer/profile.py
- Size
  
  6KB
- MD5
  
  422dda526857322c270ada522bd2e9fd
- SHA1
  
  184cb0fa4ec086936d7cb20f1ba3146ccea2116f
- SHA256
  
  b5a588568de7d58aabb121e1a8d01b5cd8d24c26e32cc144afa4341ea70ccd1b
- SHA512
  
  86f46c17b2555f4f74621c37825f07605ce34589b6664b0d4df77b733ed775d730a0c210eb26fc971fcd04a505597e426a2a38ba3feb857e5f581a52d7e4bc38
- SSDEEP
  
  192:nQSCKfAKqTjajMFXvRajxaDag+vWbIiOi5hqFFK2Y:nQKfxkawD+vWbzX5h0kf
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Write file to user bin folder

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32