cobaltstrike

General

Target

关于调整北部湾航空基层干部员工2023年7月份绩效考核结果的通知.exe
Size

2.5MB
Sample

230811-bat55abf5s
MD5

404357e3f4b8f6edb0cf09e45b1196cd
SHA1

9d96b73760b3befeadb0da66a6f807d99300311a
SHA256

b3adf38a949bfa704da093f0a23aa8b50c59533c4a0166992264c1bc1c40a78c
SHA512

ec323ff581780f3337ae324529bfa3f5d83e4a17bf40000b1eaab2332626d62aba1833ebf2f1d48adf228a730325d27cf9e1383410180d6c3bf483de25fd81fc
SSDEEP

24576:WWzffWyRde1K/sjcsx3E1PpvMGV5iJ2ynThaft7gDC4HDo:nCqdeesj3x3E118F0gXH8

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1234567890

C2

http://static.cgbchina.com.cn.cloud.360.net.cdn.dnsv1.com:443/Display/chan/IB61I7MYA

Attributes

access_type
512
beacon_type
2048
host
static.cgbchina.com.cn.cloud.360.net.cdn.dnsv1.com,/Display/chan/IB61I7MYA
http_header1
AAAACgAAAEBBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24veGh0bWwreG1sLCBhcHBsaWNhdGlvbi9qc29uAAAACgAAABNBY2NlcHQtTGFuZ3VhZ2U6IGFmAAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6ICosIGNvbXByZXNzAAAABwAAAAAAAAAPAAAADQAAAAIAAAArc2VjdXJlX2lkX0VaUlBaM0VMOTVQMjEzRVdUWVNNWlRFMzFQVDg2TFlIPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAADJBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL2pzb24sIGFwcGxpY2F0aW9uL3htbAAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1nYgAAAAoAAAAdQWNjZXB0LUVuY29kaW5nOiBiciwgY29tcHJlc3MAAAAHAAAAAAAAAA8AAAANAAAABQAAAAlfQ0FLTlJIUksAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
12800
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\WUAUCLT.exe
sc_process64
%windir%\sysnative\grpconv.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu0/9/fReMVIpceknp4dAotonYcQjTuErQMUbYY5YT/85fx7zssf1MATf/Dh0SSWjMWfQkq4wqQ0jIKdY72SVDEv/DqPpPxlDA5wNubksLitOVh1NGqr0b8bAgigeGguWcJxsFO+1gY/mjW9GnZGvMt0k5uX3NCsJzL1fpIwLDLQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8.72947712e+08
unknown2
AAAABAAAAAEAAASeAAAAAgAAA44AAAAIAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/Compute/deployment/VGJZ0HOE8UX5
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
watermark
1234567890

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  关于调整北部湾航空基层干部员工2023年7月份绩效考核结果的通知.exe
- Size
  
  2.5MB
- MD5
  
  404357e3f4b8f6edb0cf09e45b1196cd
- SHA1
  
  9d96b73760b3befeadb0da66a6f807d99300311a
- SHA256
  
  b3adf38a949bfa704da093f0a23aa8b50c59533c4a0166992264c1bc1c40a78c
- SHA512
  
  ec323ff581780f3337ae324529bfa3f5d83e4a17bf40000b1eaab2332626d62aba1833ebf2f1d48adf228a730325d27cf9e1383410180d6c3bf483de25fd81fc
- SSDEEP
  
  24576:WWzffWyRde1K/sjcsx3E1PpvMGV5iJ2ynThaft7gDC4HDo:nCqdeesj3x3E118F0gXH8
Score

10^/10

cobaltstrike 0 1234567890 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2 behavioral3