General
-
Target
CobaltStrike.11.exe
-
Size
4.2MB
-
Sample
230331-j7rp9sad41
-
MD5
7284d1a505e0f7c82f857d3c7570aa8d
-
SHA1
0aac013769d0e6d246324c986280dd378565b4a5
-
SHA256
05fd6beb7e048ff9b1521b11b3f7814972a681475257a9afa7f6268104beacd4
-
SHA512
3e9ac9a640302753bc9e5feccca3b23bc99e57145056b241038efb9aac0daca2c96c2239684e982745eeabc36b3405db8488acbf775bc1ba673a2419a581816d
-
SSDEEP
98304:sUFz/Aft66vzwlhhawFLOAkGkzdnEVomFHKnP:syW6rrawFLOyomFHKnP
Static task
static1
Behavioral task
behavioral1
Sample
CobaltStrike.11.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
CobaltStrike.11.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
100000000
http://cf-c-backelmfyx.cn-shenzhen.fcapp.run:443/jquery/canao.png
http://cf-cs-backesmfyx.cn-chengdu.fcapp.run:443/jquery/canao.png
-
access_type
512
-
beacon_type
2048
-
host
cf-c-backelmfyx.cn-shenzhen.fcapp.run,/jquery/canao.png,cf-cs-backesmfyx.cn-chengdu.fcapp.run,/jquery/canao.png
-
http_header1
AAAABwAAAAAAAAANAAAAAgAAAA1QSFBTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAABwAAAAAAAAADAAAADwAAAAsAAAACAAAABXVzZXI9AAAAAQAAAAIlJQAAAAYAAAAGQ29va2llAAAABwAAAAEAAAADAAAADwAAAA0AAAACAAAABWRhdGE9AAAAAQAAAAIlJQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
1792
-
polling_time
3000
-
port_number
443
-
sc_process32
c:\windows\syswow64\rundll32.exe
-
sc_process64
c:\windows\system32\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjgnPjJ5Q78/lnkGWYwvvkYSQWsNRhCdLibCCjI+6H1x+7FAERx040kWDKp7wHLWX3613lCz5NcYYDW0iAYVOr/QlaoOnkgE52q6cu/rkWOFZycqgX8KlejxdbrNov78oAnWgK7er96eBjrTCttqZjFLzykJA4dgFstit+nqtl6wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.181046272e+09
-
unknown2
AAAABAAAAAEAAAAXAAAAAgAAAGMAAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery/submit.js
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
-
watermark
100000000
Targets
-
-
Target
CobaltStrike.11.exe
-
Size
4.2MB
-
MD5
7284d1a505e0f7c82f857d3c7570aa8d
-
SHA1
0aac013769d0e6d246324c986280dd378565b4a5
-
SHA256
05fd6beb7e048ff9b1521b11b3f7814972a681475257a9afa7f6268104beacd4
-
SHA512
3e9ac9a640302753bc9e5feccca3b23bc99e57145056b241038efb9aac0daca2c96c2239684e982745eeabc36b3405db8488acbf775bc1ba673a2419a581816d
-
SSDEEP
98304:sUFz/Aft66vzwlhhawFLOAkGkzdnEVomFHKnP:syW6rrawFLOyomFHKnP
Score10/10 -