cobaltstrike

General

Target

【长安马自达服务部】张国子服务申请表.exe
Size

7.4MB
Sample

230813-r6nk8adb44
MD5

fe5041436b0b3794a38cc35a3decdd5a
SHA1

ef586c4e74c90064d9512e36d082c82cc30c0494
SHA256

6c7f8b417df33726f5660ddb3eb8f7fb4ea09b36db55fafbc72b54bdb57ff597
SHA512

5cc5137710861949ab52fa6f580af2f1754c31af012aa8ad3e3f094164d6e00cb2257ff69c5820ad5a4b2b933acd111299087761b7d4d440ed942d589d0f491d
SSDEEP

3072:wUGWFt7bjNfdC0vEpFyevAbGJ6Tftx3CLt/f:hFTfdC0sLjvMhat

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

93347

C2

http://download-file.oneban.cn.o8e48uqf.aidns.host:443/jquery/2.0.1/jquery.min.js

Attributes

access_type
512
beacon_type
2048
host
download-file.oneban.cn.o8e48uqf.aidns.host,/jquery/2.0.1/jquery.min.js
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAdSG9zdDogZG93bmxvYWQtZmlsZS5vbmViYW4uY24AAAAHAAAAAAAAAAMAAAACAAAAClNFU1NJT05JRD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAAEAAAAB1Ib3N0OiBkb3dubG9hZC1maWxlLm9uZWJhbi5jbgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCek/k6ZlMdPp5Nf9Y+sbrQEVw8hF5hJboZPLMMEXhePjTnsFvL8BI2W9nn0U2b6xI0foyxkeu7oSD6dYBVwK0jNIjBZ1t/dOUKeJ655/kxXjsagY9ANKx/qTtvakHYsTqhOsrxLw1pjVGiTA8kA0pGlpc5Dx+8K3g5//1xIOKjFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.16770176e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAD64AAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/jquery/2.0.2/jquery.min.js
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
watermark
93347

Targets

- Target
  
  【长安马自达服务部】张国子服务申请表.exe
- Size
  
  7.4MB
- MD5
  
  fe5041436b0b3794a38cc35a3decdd5a
- SHA1
  
  ef586c4e74c90064d9512e36d082c82cc30c0494
- SHA256
  
  6c7f8b417df33726f5660ddb3eb8f7fb4ea09b36db55fafbc72b54bdb57ff597
- SHA512
  
  5cc5137710861949ab52fa6f580af2f1754c31af012aa8ad3e3f094164d6e00cb2257ff69c5820ad5a4b2b933acd111299087761b7d4d440ed942d589d0f491d
- SSDEEP
  
  3072:wUGWFt7bjNfdC0vEpFyevAbGJ6Tftx3CLt/f:hFTfdC0sLjvMhat
Score

10^/10

cobaltstrike 93347 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3