cobaltstrike

General

Target

3b31c03485aca944b2cf7929a27edfebb2ae042d1c9e45fae84796b0690b7dab
Size

2.0MB
Sample

230806-jxgsbahg3t
MD5

31c981534683950dd0be7cf743d99dd9
SHA1

07d4dc535e479b7bfb15be7b9a55f9d9e84e1537
SHA256

3b31c03485aca944b2cf7929a27edfebb2ae042d1c9e45fae84796b0690b7dab
SHA512

61ded69ba8c4f5b3b5bad054e1ccc686275e76044f4bf33aac843512bd9b0413dc9bf7d2f1280e3f57ac5381d8fecb7eeb83ea29b1a2576a7e5df895e83cc5fe
SSDEEP

49152:QdFHdj73vWrb/TyvO90d7HjmAFd4A64nsfJwWN9g3D1xCCgtg/h2wmMYN:03vW4qae

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\.\pipe\foobar
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCH+TuORWhlSvPRuBuEAFU4UHQuE+Zb23h0CGtYuEl2Mq6HaUbIgjN+kUhMWSmmmuCtxYweaey3BEL+wqNfF8nYVKN8J0REL4BwW/+KGMxUU7/MO69ki9BWayGjR389BS1axCnTqBZasMy1ngzZ1C1/3I+78usiennOuA0+o6dNCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
305419896

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  3b31c03485aca944b2cf7929a27edfebb2ae042d1c9e45fae84796b0690b7dab
- Size
  
  2.0MB
- MD5
  
  31c981534683950dd0be7cf743d99dd9
- SHA1
  
  07d4dc535e479b7bfb15be7b9a55f9d9e84e1537
- SHA256
  
  3b31c03485aca944b2cf7929a27edfebb2ae042d1c9e45fae84796b0690b7dab
- SHA512
  
  61ded69ba8c4f5b3b5bad054e1ccc686275e76044f4bf33aac843512bd9b0413dc9bf7d2f1280e3f57ac5381d8fecb7eeb83ea29b1a2576a7e5df895e83cc5fe
- SSDEEP
  
  49152:QdFHdj73vWrb/TyvO90d7HjmAFd4A64nsfJwWN9g3D1xCCgtg/h2wmMYN:03vW4qae
Score

10^/10

cobaltstrike 0 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2