cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

ee451d407ec153b9285b4e7303408b6213be711b27a9e5723b88b6e10554968e
Size

4.2MB
Sample

230816-jqs7rsgg32
MD5

13a18d8752d26620cdd4cf6f65a5da3a
SHA1

0bd7283b2dbd6b5078b9d95014a85f2cea342a40
SHA256

ee451d407ec153b9285b4e7303408b6213be711b27a9e5723b88b6e10554968e
SHA512

8f14c87d55cf2cbda1616037fda8dcbc4b536b5e3a3bdedf121d8728e72615b514d04a3556321afd84e350f138d93994d136fa2c43be0b943ba274dbb5c6c9df
SSDEEP

98304:5+6H+uzoSSLIzuDvxZqS1n3n5LNADUNSnhjX:5V5oSSxvxd1n35LwUN4z

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

http://events02.huawei.com:443/mall_100_100.html

Attributes

access_type
512
beacon_type
2048
host
events02.huawei.com,/mall_100_100.html
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAj0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45AAAACgAAABxVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxAAAACgAAABpSZWZlcmVyOiBodHRwczovLzEwMDg2LmNuLwAAAAcAAAAAAAAADQAAAAIAAAAFQU5JRD0AAAACAAAAGV9fU2VjdXJlLTNQQVBJU0lEPW5vc2tpbjsAAAABAAAAIztDT05TRU5UPVlFUytDTi56aC1DTisyMDIxMDkxNy0wOS0wAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAD5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD1VVEYtOAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAMFJlZmVyZXI6IGh0dHBzOi8vc2hvcC4xMDA4Ni5jbi9tYWxsXzEwMF8xMDAuaHRtbAAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFHNyY2hmcm9tPW5SS2p4elpSUnh4AAAACQAAABJmaWVsZG5hbWU9Q3pMdUV4S2wAAAAJAAAAFHNlYXJjaHNvcnRpZD1NYnpTRW5CAAAABwAAAAEAAAANAAAAAgAAACphaWRfPTUyMjAwNTcwNSZhY2N2ZXI9MSZzaG93dHlwZT1lbWJlZCZ1YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\runonce.exe
sc_process64
%windir%\sysnative\runonce.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQEyj01+8K43wqFCQJ8vl0ELIlfQWn1SFdqCrrshAjb6CzR0H8n2L6NnHXzek+xky/OARuk4tMm1XMz3ghLGagCRm6QFzmG32G9sEHQJIhrraEs5wpvuR6bZGrTpGAa7eJiXsZhOcVGwKHLOA0tXnhlmGNSjIk5AaGqZNNET0N2wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.11638017e+08
unknown2
AAAABAAAAAEAAAglAAAAAgAACCUAAAACAAACyAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/ajax/recharge/recharge.json
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
watermark
391144938

Targets

- Target
  
  猪八戒股份有限公司-需求/猪八戒股份有限公司-需求.docx.lnk
- Size
  
  823B
- MD5
  
  7b8b9e6b27feae60fdca3fb3c85835b1
- SHA1
  
  fc8d1c04bbd9aafdb1bffa0288ef656c5c0a3c9c
- SHA256
  
  044b92f426a1a3c96dfde1b5c2e836a0f07e827fdd89473d38edd1eb2a52fa4e
- SHA512
  
  55b263eef599ff9b8b56bad4118cef037ed350d2f38b5cea65544d9aab391f8f1d4936020479c2caaaf9f0df3381797169528f278bd10cb663dce22d63e2db1e
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2
- Target
  
  猪八戒股份有限公司-需求/营业执照/.__MACOS__/.__MACOS__/._MACOS_/333.vbs
- Size
  
  311B
- MD5
  
  d2018564269fca4e2e3d5273a3cfd8e3
- SHA1
  
  8e3aa2b99fd3f0e72cd660fe45357a81b3aac249
- SHA256
  
  7162f36c83a7d4af34313c544bac0527358c8373d4209de9df9e51dcf30e22e7
- SHA512
  
  d7609c40f623f21c0b5c2401da884b8071010caea4f092d41a10a9eeb0eae21d7e01403340c2a563b4672bceeee4ac1fd375b21a5f8539f38c909af37d833b4e
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral3 behavioral4
- Target
  
  猪八戒股份有限公司-需求/营业执照/.__MACOS__/.__MACOS__/._MACOS_/_ctypes.pyd
- Size
  
  130KB
- MD5
  
  9e18aca18e4ece1c187f8c0cd12a5c8f
- SHA1
  
  a8ba36a9eea969d722a9ae90139d4d59f643f951
- SHA256
  
  3351627469ea8965b08bafc9de18d1d890479357df6bc8917f7218535e02f211
- SHA512
  
  237b0ef23d0a91014581b94f5c7696da1ab3c1c3a51f6ffe10787c65dc4f5a90d1760e4088afc9acc27bae7f159a32fa3e7a9b15daba5950751932683e9373b3
- SSDEEP
  
  3072:hFHggvfQuiAnxL3RIF5Hfbr/IHWfxI1VPm:sgvZnxhw5HfbroKX
Score

3^/10
behavioral5 behavioral6
- Target
  
  猪八戒股份有限公司-需求/营业执照/.__MACOS__/.__MACOS__/._MACOS_/pp.py
- Size
  
  482KB
- MD5
  
  6846900f02e965b320154660d209e7e9
- SHA1
  
  9a53dc4412b08829d5d2f25eafe4c5cb31c29db3
- SHA256
  
  8abc04d6648f598bfc0e35384c0073fd4dbc80b37f7cc3c25ba7d828a6ee2830
- SHA512
  
  c9945fbe82367270153c18611402533f1f70d31cd7b2b66d3c57d29fe0ee9dc493073fbaf68faa2d85b32e5122d6cf7197ef58168aa9e15bb6f2704b2cf4d07c
- SSDEEP
  
  6144:h5QFywuQUVP/UykQcqTxhKZhm8fPY3rOg2lVKb1Bfncf6zsxGw9dws78hpmf0U+4:XgyBaPlVHzGwas78E02
Score

3^/10
behavioral7 behavioral8
- Target
  
  猪八戒股份有限公司-需求/营业执照/.__MACOS__/.__MACOS__/._MACOS_/python.exe
- Size
  
  97KB
- MD5
  
  60794b301a482407276712acfeaaec06
- SHA1
  
  21bcb2fa08ab9b17bbbfc57a33877a15448e04a8
- SHA256
  
  c33cbae201fb0791988cf5c26ce8d0f98b3cf213aca3765c8cf79f00e9c7a8ec
- SHA512
  
  a06939779741c025ec11c1f7d9bd5678b5452099a471234ed4df8722c0942007a48eb0ecc4032d32ac970359646bccc3d1b6db6f2f77310fd4a68a7cfcadbea5
- SSDEEP
  
  1536:lwvhKbuEYE+9z2wp+FavGmhMn+IhzZtzs/AXRjyPx:lwvhKbuAs0FNmhMn+IhNW/AXROx
Score

1^/10
behavioral10 behavioral9
- Target
  
  猪八戒股份有限公司-需求/营业执照/.__MACOS__/.__MACOS__/._MACOS_/python37.dll
- Size
  
  3.6MB
- MD5
  
  d558d4db5a6bd29a8b60b8aa46e5329a
- SHA1
  
  a5036009de7165b1b4721263eae4b240ee689095
- SHA256
  
  1cfdd40a9107d89310e4e3b6df5f25f26944b312e61638d014f1b1a8050ccc07
- SHA512
  
  5590fbd6c9c81293b21e9da9d35d5177f03ba3d247771e4abef3420420d9024f3a775796d73becd5aeb469df648d3105a016693c6b8f68e8c61399212439eebf
- SSDEEP
  
  49152:1TeuSWg7sxvzSxFHYxcim9kOTl8MiYGYwjy9x6xN2BjXISsOIjbXH3EM6nPP8MTj:dcdOMiY+yXCNnjTHUM68wsNyPH
Score

3^/10
behavioral11 behavioral12
- Target
  
  猪八戒股份有限公司-需求/营业执照/.__MACOS__/猪八戒股份有限公司需求.docx
- Size
  
  11KB
- MD5
  
  e7c154beecc81b84a9eaeb55b52f233d
- SHA1
  
  42d563e3500a057e75f3ff7ac52c3982b3a23ae0
- SHA256
  
  88a1eb52b76e38eed5270479d2a4d332b4f7d2492dea9cc163665fbfbc658337
- SHA512
  
  08fce4fc59640be1bb7499fb01da427775b6e8d2b5191d309ef73180d8be9fee3b899a58e644e53a9de40b2824c4a41347a1134ada750c48e81fe04f0a9b659f
- SSDEEP
  
  192:6isXuVxbdN4XdsX1eLQQcH+pUUyR53ZGND1G+lcy58GH67gE6rUmfw5V5EJrmsvV:6deVBd2eo2eErpGND1Gf4f7f47armsIE
Score

4^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Cobaltstrike

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14