cobaltstrike

General

Target

Desktop.zip
Size

22KB
Sample

230619-p5ycxsfa61
MD5

ed8a7b422fc9604b4ae40f230262eabf
SHA1

d418f4c6c2e16c3c78c3207ad602dea1d87425ad
SHA256

d187a04785a352207caa540ae530d4f3fcdb4b7b04672a6941a48fde82440521
SHA512

71b6b2f114df27409d1ece4863e774b0770862c956abf595da77eb69d7e3517c82dcab6ff58fe74f573fdc8d8a0fe89bc9fa1e07f0f38ae3126f578b431d027c
SSDEEP

384:rI6w8QzQln0TLCtMmh0uJHccH6HmPx3PoyfBpGBMIG0g+bCtO+N8Un0iNw:rIXzJTLCtMTQ8cH6HmdwQBpGCF9oK1n4

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://123.60.165.221:8099/vue.min.js

Attributes

headers User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://123.60.165.221:8099/api/getit

Attributes

access_type
512
host
123.60.165.221,/api/getit
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
3000
port_number
8099
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/postit
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
watermark
305419896

Targets

- Target
  
  923da2573554c39f08e64ca8a166b8459bf49337f04daeb62ec64960950b44c9.exe
- Size
  
  27KB
- MD5
  
  8ce3ebb06ec70ab510c439e70cb7327f
- SHA1
  
  96cd8bb2ccd49e5ebcec618d45fb6d38536019a6
- SHA256
  
  923da2573554c39f08e64ca8a166b8459bf49337f04daeb62ec64960950b44c9
- SHA512
  
  e67bf0766ad0dcfc9e8907832c5d87f1abaf5d99378f0b27f59d0859d8e6a255b2f2022d63657e29a53935d06da1610b0745fa6c2ca6a1314b59cdcd9e80a2c1
- SSDEEP
  
  384:aEsivReRS824N8WNTs7J1ifgHA1rGc4ltLT71E:oivReRSUN8es7bifgMWPT71
Score

10^/10

cobaltstrike metasploit 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral1 behavioral2
- Target
  
  c1b5bef80277a6fcab7f43ca39a104a652cc1ea24c6c38086680b53980327a3c.exe
- Size
  
  27KB
- MD5
  
  785cd8fac4b5e733058c687635ae3a08
- SHA1
  
  22bc377bb2f3473288fe2c43ea3c0801052040c5
- SHA256
  
  c1b5bef80277a6fcab7f43ca39a104a652cc1ea24c6c38086680b53980327a3c
- SHA512
  
  3b65ba8105ef6a9639b44c5e7ed6bcf641aaaf60119047ea0eae7561a514a2e82f7ce00a5208a1640dd47c3627b090b1d2b0fef6cc966f99e40ae64c503a7ea5
- SSDEEP
  
  384:wR2e+Sws1NUJmcLJ1i3gHA1rGcTltLT71:wR2e+S7NU8cLbi3gMNPT71
Score

10^/10

cobaltstrike metasploit 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral3 behavioral4
- Target
  
  d80516c34b47e50d22e42e8265aebdbc39cfcb0a36805eef9482233e51f00243.exe
- Size
  
  27KB
- MD5
  
  980020f085752b1f64b3d4ac8d3d630b
- SHA1
  
  ae1759e28753301ee4b761ca7f1d25166d60661f
- SHA256
  
  d80516c34b47e50d22e42e8265aebdbc39cfcb0a36805eef9482233e51f00243
- SHA512
  
  0c3cbb7b2d16b1c7785edf3501c178a1f02fa434ce92f12be834ab4f74ffcf671da4810139de885ef614127b56a1c097e9c11be8f98f50eb4ea80faea8c8a950
- SSDEEP
  
  384:CEsivReRS824N8WNTs7J1ifgHA1rGc4ltLT71E:wivReRSUN8es7bifgMWPT71
Score

10^/10

cobaltstrike metasploit 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral5 behavioral6

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MetaSploit

Cobaltstrike

MetaSploit

Cobaltstrike

MetaSploit

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6