cobaltstrike

General

Target

b17d23ea9c0f3e5c97867599a903fbff.bin
Size

121KB
Sample

230717-b94hvaae5z
MD5

caeb1fb7660fbaa4919d9b2ac299118b
SHA1

5482d7d891ce0e36a3383ef08133f5c5cb73e4da
SHA256

5709767906d949769cf26e6ddd9e60ce0f75c4887796d80d8d02f790fea5d728
SHA512

28e7039876c9246ba8fbc214fea29d4809ea1723c3844dd124a3eed129a428f0725eeef592582df8e03e0ac018e0c98aabf42c6f07ebb9e63de621f429b20e4c
SSDEEP

3072:szzXGFjYP0vuJRr8g+6zvHt3k1jg8FkzNP8hYYGAB:GaVI0WYv6DHOjg8FuNP87G6

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

666666

C2

http://service-4yorw5on-1310046338.bj.apigw.tencentcs.com:443/s

Attributes

access_type
512
beacon_type
2048
host
service-4yorw5on-1310046338.bj.apigw.tencentcs.com,/s
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAA8QkFJRFVJRD04OUJDOTQ3M0U2MDNEODtCSURVUFNJRD04OUJDOTRFMjJERDAxOTtyc3Zfam1wX3Nsb3c9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAA8QkFJRFVJRD04OUJDOTQ3M0U2MDNEODtCSURVUFNJRD04OUJDOTRFMjJERDAxOTtyc3Zfam1wX3Nsb3c9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
11008
polling_time
50000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDASkBNxG937VYrqwDEI9Euaiu9pUK1HLNs3B4Qa3+oKUB98PXvBfNj0L15dIarQ4YidB59FjJU9/PJF/BX9iC0FR7bsusvJW0UBMC/ly6mLUCinPlgsL8eKdPvkgY/zCizjCeHe3WCneCs0HgJ2P41eOK48eTgWvM8IABrDQP+uwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.868436736e+09
unknown2
AAAABAAAAAEAAAXVAAAAAgAAA0IAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/S
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
watermark
666666

Targets

- Target
  
  6b3be5de40b3f2d063389b53e5fc63950ee2b9aad46d5ecc1e23c546746952b3.exe
- Size
  
  233KB
- MD5
  
  b17d23ea9c0f3e5c97867599a903fbff
- SHA1
  
  52ece5b5aa391c863e93ae4553aa4863260c5d92
- SHA256
  
  6b3be5de40b3f2d063389b53e5fc63950ee2b9aad46d5ecc1e23c546746952b3
- SHA512
  
  fd41640d0d7a64fe6f5fd2ae466b97dfa66f8c191f9625c862730eddc78fa76653a656cd372fb1a1bb21b84223a5046448887501496523c7d2a98271e2e90b3b
- SSDEEP
  
  3072:bFzIvEdt1bmmkKKgTVVVDEunfs9ivZ+J97NCqZu0/N1ipwz9xKu:Rzrf1bkgN5sbR8AN1Jpwu
Score

10^/10

cobaltstrike 666666 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2