cobaltstrike

General

Target

Copy of artifact.exe
Size

14KB
Sample

230406-w8n2zsgd5w
MD5

32b32ee67296424e3de3d405811e43f0
SHA1

a075f96e2a91b7d9365682c20445f5be6ba7fa7a
SHA256

7a8e1bddb3ded70bd5b084b0e1696ce713ed6f5b13ac3dd74ab5d22fb2d7b021
SHA512

6064bf460ad571db47af44d301e337e904e43f07028c1990b3b33016dea92fef9035b756f85af8858b33df6e7f489fb1e1c981840b9ae1265603f3b769276582
SSDEEP

192:hHCugRK83SxHn2OQ/dmBI4KBPwgir+xzzSx5pbqUqV/Qjo7AGa:pCxRKqbOCdWIVBPk+xzzSxTfCXAn

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://43.139.19.125:8585/T8ld

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://43.139.19.125:8585/push

Attributes

access_type
512
host
43.139.19.125,/push
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
8585
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.3; .NET CLR 2.0.50727)
watermark
305419896

Targets

- Target
  
  Copy of artifact.exe
- Size
  
  14KB
- MD5
  
  32b32ee67296424e3de3d405811e43f0
- SHA1
  
  a075f96e2a91b7d9365682c20445f5be6ba7fa7a
- SHA256
  
  7a8e1bddb3ded70bd5b084b0e1696ce713ed6f5b13ac3dd74ab5d22fb2d7b021
- SHA512
  
  6064bf460ad571db47af44d301e337e904e43f07028c1990b3b33016dea92fef9035b756f85af8858b33df6e7f489fb1e1c981840b9ae1265603f3b769276582
- SSDEEP
  
  192:hHCugRK83SxHn2OQ/dmBI4KBPwgir+xzzSx5pbqUqV/Qjo7AGa:pCxRKqbOCdWIVBPk+xzzSxTfCXAn
Score

10^/10

cobaltstrike metasploit 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MetaSploit

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2