cobaltstrike

General

Target

ba115c5fad7b897a6d2f76aa8b65530c272b1b5ea14538d2c303478e1784ddaa
Size

2.5MB
Sample

230529-facy3aaa51
MD5

eb370563b21120f59dc83898c9b08a84
SHA1

4736e4b3b21c0a3a133244b07307308020381835
SHA256

ba115c5fad7b897a6d2f76aa8b65530c272b1b5ea14538d2c303478e1784ddaa
SHA512

ea7505b7c07b54d2b0772c244e363c027e53b0642bf357899ca5a37a0ed86abb720d8f00f25bfe79f804e3159f870b555f0639a723dfdad4b958cfe685bb911e
SSDEEP

49152:/CU9UaEo2+gDs6sWs6KczpGRY9AHyDBDjMo0mHMB8/sAH1hwI8b0llyYDLBK:/+o2VfU

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://43.138.234.86:80/js/components/content-info-b0c0e5245b.js

Attributes

access_type
512
host
43.138.234.86,/js/components/content-info-b0c0e5245b.js
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAABMQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOCx6aC1UVztxPTAuNyx6aC1ISztxPTAuNSxlbi1VUztxPTAuMyxlbjtxPTAuMgAAAAcAAAAAAAAAAwAAAAIAAABDaHR0cHM6Ly9iYWlkdS5jb20vaG9tZS94bWFuL2RhdGEvdGlwc3BsdXNsaXN0P2luZGV4dHlwZT0xJl9fY2ZkdWlkPQAAAAYAAAAHUmVmZXJlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAABMQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOCx6aC1UVztxPTAuNyx6aC1ISztxPTAuNSxlbi1VUztxPTAuMyxlbjtxPTAuMgAAAAoAAAAfWC1Gb3J3YXJkZWQtRm9yOiAyMjAuMTgxLjM4LjI1MQAAAAcAAAAAAAAAAwAAAAIAAABDaHR0cHM6Ly9iYWlkdS5jb20vaG9tZS94bWFuL2RhdGEvdGlwc3BsdXNsaXN0P2luZGV4dHlwZT0xJl9fY2ZkdWlkPQAAAAYAAAAHUmVmZXJlcgAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
15360
polling_time
12000
port_number
80
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAgL19Ss9DZX0i7ZMA4LRVgfEjUL/rj4613w4o/HB8MQ3qeZwZ4s+mhpYe9fQfx31G8eY1JZzMqbr1P9pOfDrS99wJZzHeBnWBV2d18qiuaa1I91LQGPAqHd14B3g69eZ9ztxqhlOdO9nF0SQ5GxJGOmFvGYS6n2nerQTV8x/S7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.24495488e+09
unknown2
AAAABAAAAAEAAAXeAAAAAgAAADkAAAACAAAPTwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/js/super_load-9f784471ea.js
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0.0)
watermark
100000

Targets

- Target
  
  ba115c5fad7b897a6d2f76aa8b65530c272b1b5ea14538d2c303478e1784ddaa
- Size
  
  2.5MB
- MD5
  
  eb370563b21120f59dc83898c9b08a84
- SHA1
  
  4736e4b3b21c0a3a133244b07307308020381835
- SHA256
  
  ba115c5fad7b897a6d2f76aa8b65530c272b1b5ea14538d2c303478e1784ddaa
- SHA512
  
  ea7505b7c07b54d2b0772c244e363c027e53b0642bf357899ca5a37a0ed86abb720d8f00f25bfe79f804e3159f870b555f0639a723dfdad4b958cfe685bb911e
- SSDEEP
  
  49152:/CU9UaEo2+gDs6sWs6KczpGRY9AHyDBDjMo0mHMB8/sAH1hwI8b0llyYDLBK:/+o2VfU
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2