cobaltstrike

General

Target

beacon.exe
Size

278KB
Sample

230406-w7q5ysed74
MD5

f56dd43e69649c5b4e1224e18a71c6a8
SHA1

f3c8d482806572f76c62fa11b57d4c3e5b13a0f5
SHA256

ca98b79ddd7777098f868b94ab0b9a4bb57ce61c9d7f2438fb64cae7dcdeb9f9
SHA512

83de74d97d56a114066988de26b2dbc2fbf225ba33b82b24d9a664d4c31fa46af6a3660f88b12ffa9722ec1ca2961b6a1602bb7888d22cee6113c2da81e2082f
SSDEEP

3072:IRjDQ3pPKV/jFRctt7qUSLkEbkrFyX+a1skkF9kBItmPo9ESM4iKm6Rl:IRfFAtt7qtYrsCOqESriX6

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

Attributes

beacon_type
1024
host
192.168.22.152
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
305419896

Targets

- Target
  
  beacon.exe
- Size
  
  278KB
- MD5
  
  f56dd43e69649c5b4e1224e18a71c6a8
- SHA1
  
  f3c8d482806572f76c62fa11b57d4c3e5b13a0f5
- SHA256
  
  ca98b79ddd7777098f868b94ab0b9a4bb57ce61c9d7f2438fb64cae7dcdeb9f9
- SHA512
  
  83de74d97d56a114066988de26b2dbc2fbf225ba33b82b24d9a664d4c31fa46af6a3660f88b12ffa9722ec1ca2961b6a1602bb7888d22cee6113c2da81e2082f
- SSDEEP
  
  3072:IRjDQ3pPKV/jFRctt7qUSLkEbkrFyX+a1skkF9kBItmPo9ESM4iKm6Rl:IRfFAtt7qtYrsCOqESriX6
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2