cobaltstrike | 17731062e8cb8a17003f9fa1fc6149f239b76a29836bf1541e90df43ba3d0cb3

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2023 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17731062e8cb8a17003f9fa1fc6149f239b76a29836bf1541e90df43ba3d0cb3.exe
Size

399KB
MD5

f3ac1c8c3215688a9975678a399153e2
SHA1

885fd814acb46be1cf53ad1e63c21b41eccfd0d6
SHA256

17731062e8cb8a17003f9fa1fc6149f239b76a29836bf1541e90df43ba3d0cb3
SHA512

326936b254ce6c805caa655eec7572e86fd0e1babb76d53908fb622bbb8f096524e7ec0038346164d9ea4a43696d039d3515b8da9d689cc3ae500dd04314801f
SSDEEP

6144:D/CQz+iXRbaFOre8kPd0EQIpls4/q3C1BIAFzm50xJK2QJXAsI:D/B6iNEWIPd0ENrsEq3C1BHFq5CK2Q

Score

10^/10

cobaltstrike 0 1359593325 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

http://time.api.chinabm.cn:443/owa/

Attributes

beacon_type
2048
host
time.api.chinabm.cn,/owa/
http_header1
AAAAEAAAABZIb3N0OiBvdXRsb29rLmxpdmUuY29tAAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAACGQ29va2llOiBNaWNyb3NvZnRBcHBsaWNhdGlvbnNUZWxlbWV0cnlEZXZpY2VJZD05NWMxOGQ4LTRkY2U5ODU0O0NsaWVudElkPTFDMEY2QzVEOTEwRjk7TVNQQXV0aD0zRWtBakRLakk7eGlkPTczMGJmNzt3bGE0Mj1aRzB5TXpBMktqRXMAAAAHAAAAAAAAAA0AAAAFAAAAAndhAAAACQAAAA5wYXRoPS9jYWxlbmRhcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABZIb3N0OiBvdXRsb29rLmxpdmUuY29tAAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAADQAAAAUAAAACd2EAAAAHAAAAAAAAAA0AAAACAAAABndsYTQyPQAAAAIAAAALeGlkPTczMGJmNzsAAAACAAAAEk1TUEF1dGg9M0VrQWpES2pJOwAAAAIAAAAXQ2xpZW50SWQ9MUMwRjZDNUQ5MTBGOTsAAAACAAAAOE1pY3Jvc29mdEFwcGxpY2F0aW9uc1RlbGVtZXRyeURldmljZUlkPTk1YzE4ZDgtNGRjZTk4NTQ7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
GET
jitter
5120
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgwZtr5WmRWGqXa6bxdqQDUmj+XU+vA4zK2b7Nfzq4qy143458ufxXidOMjoSLVP3BqyJgWamd0KYY7Yt3bDmFbWashi7f+OYdWpDNixd5AvcGOOzQhShEZ/0Uz8CG/gc99swyssnxs0YBg9Hka4Wh0ufxO89KSApuLegLE5i1/QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.448416512e+09
unknown2
AAAABAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/OWA/
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
watermark
1359593325

Extracted

Family

cobaltstrike

Botnet

Attributes

watermark
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\17731062e8cb8a17003f9fa1fc6149f239b76a29836bf1541e90df43ba3d0cb3.exe
"C:\Users\Admin\AppData\Local\Temp\17731062e8cb8a17003f9fa1fc6149f239b76a29836bf1541e90df43ba3d0cb3.exe"
1⤵
PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1228-134-0x00000122DB930000-0x00000122DBA30000-memory.dmp

Filesize
1024KB

Download
memory/1228-133-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-135-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-136-0x00000122DB930000-0x00000122DBA30000-memory.dmp

Filesize
1024KB

Download
memory/1228-137-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-138-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-139-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-140-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-141-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-142-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-143-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-144-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-145-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-146-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-147-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-148-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download
memory/1228-149-0x00007FFC95320000-0x00007FFC953AD000-memory.dmp

Filesize
564KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads