cobaltstrike

General

Target

2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
Size

549KB
Sample

230626-etd5sshc6w
MD5

4e4db89841979de3205906411986b07d
SHA1

74d600fc823f74b6468cb741062ee5012761aeff
SHA256

2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
SHA512

504ecb874c9d070b39081256c543a04b4ec12ba405ecbbff8fe670d364140fad4814fb7648e99f608a4a1d720a644882d28a8931db6eeb54abb611d697db9cd9
SSDEEP

12288:cd87Nw1UbxnttI2kszbBu7ahyOzcp64y90:zw1UbxttPkR9+cp64y

Score

10^/10

cobaltstrike 0 backdoor cryptone packer trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://potasip.com:443/Inform/v8.71/V6PGG8YFP

Attributes

access_type
512
beacon_type
2048
host
potasip.com,/Inform/v8.71/V6PGG8YFP
http_header1
AAAACgAAADhBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL3hodG1sK3htbCwgYXBwbGljYXRpb24vanNvbgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlcy1lYwAAAAoAAAAjQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eSwgY29tcHJlc3MAAAAHAAAAAAAAAA8AAAALAAAAAgAAAB9zZWN1cmVfaWRfRlJCQ1JSOVlJNTFDUjZFQlNHUks9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACtBY2NlcHQ6IHRleHQvaHRtbCwgYXBwbGljYXRpb24veG1sLCBpbWFnZS8qAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IHJvLW1kAAAACgAAACNBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzLCBpZGVudGl0eQAAAAcAAAAAAAAADwAAAAgAAAAFAAAACV9DVEZHRUhNWgAAAAcAAAABAAAADwAAAAgAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
12032
polling_time
65164
port_number
443
sc_process32
%windir%\syswow64\svchost.exe -k wksvc
sc_process64
%windir%\sysnative\dllhost.exe -o enable
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwmDPf5eB+sbbzIHFKmCvzkErU8dHYucVwhJGmnrc0pLHyO9XMovzcZjnua2lw3j0OsxmH0G7juEYW4tSxq09zkxRr0wdwtSY04hLW9OYej51HE45hVCMFlkHOs7GiuptveyvCx+q/ngSnLAcPkogNJ2Gzzp89PKI1sZljY+woOwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.141448704e+09
unknown2
AAAABAAAAAEAAASeAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/Annotate/v8.17/2PGIS0PDXLI
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36
watermark
0

Targets

- Target
  
  2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
- Size
  
  549KB
- MD5
  
  4e4db89841979de3205906411986b07d
- SHA1
  
  74d600fc823f74b6468cb741062ee5012761aeff
- SHA256
  
  2941c95c651a851d37fa94083c9a60738652ea70fb6f8f4e43c3433dae5e43e8
- SHA512
  
  504ecb874c9d070b39081256c543a04b4ec12ba405ecbbff8fe670d364140fad4814fb7648e99f608a4a1d720a644882d28a8931db6eeb54abb611d697db9cd9
- SSDEEP
  
  12288:cd87Nw1UbxnttI2kszbBu7ahyOzcp64y90:zw1UbxttPkR9+cp64y
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2