cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
Size

4.5MB
Sample

230907-c8x54sdh9w
MD5

22dae34bbb5f71141542cb92c9abbd6f
SHA1

798d36d8f5f357fb8f2dc1d52a367f13d8721fcd
SHA256

ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
SHA512

57be7b21852f7c47cab82c0eb27f3eb07d3dbe9b9790598c4b8baecbaf4767fdeac5e7ac1bb41eb4b328ad870d5c170d5844998345ed9cfa11814ea6ddad2ccd
SSDEEP

49152:aAPuOT+3x3Dwarb/T2vO90d7HjmAFd4A64nsfJcIrJ6d0lZETpvoCFEFKwKl81RP:Y3DrmCZ/G8pE9J

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

http://139.180.159.96:443a0zKz1YQVFvYxEWe1YxM

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

100000

http://139.180.159.96:443/c/qqdownload/update/others/2021/12/29136388_

Attributes

access_type
512
beacon_type
2048
host
139.180.159.96,/c/qqdownload/update/others/2021/12/29136388_
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAaSG9zdDogZG93bmxvYWQudGVuY2VudC5jb20AAAAKAAAAGlNlYy1GZXRjaC1TaXRlOiBjcm9zcy1zaXRlAAAACgAAABVTZWMtRmV0Y2gtRGVzdDogaW1hZ2UAAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOQAAAAcAAAAAAAAAAwAAAAIAAAAMc2Vuc29yc2RhdGE9AAAAAgAAABRwZ3ZfcHZpPTU4NzQyNTg0Mjk7IAAAAAIAAAAeX19yb290X2RvbWFpbl92PS50ZW5jZW50LmNvbTsgAAAAAQAAABw7IF9xZGRhej1RRC41ODc0NTY4NzE1MTY1NzE7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAaSG9zdDogZG93bmxvYWQudGVuY2VudC5jb20AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOQAAAAcAAAAAAAAAAgAAAAxzZW5zb3JzZGF0YT0AAAACAAAAFHBndl9wdmk9NTg3NDI1ODQyOTsgAAAAAgAAAB5fX3Jvb3RfZG9tYWluX3Y9LnRlbmNlbnQuY29tOyAAAAABAAAAHDsgX3FkZGF6PVFELjU4NzQ1Njg3MTUxNjU3MTsAAAAGAAAABkNvb2tpZQAAAAcAAAABAAAADQAAAAEAAAAELmNhYgAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
5120
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLhfaxIi1ZSpnzZa/titxJFMRsRZiBhD6nFxcw6m23B6ltHakrFKpQGKjz5h1m+F3lDS11amNbgcOepiUhWLg3umvOKmZyh8GZXX9QSgbBu706qJvOVHmnlaZVzxr/gU6UAsSG0qbmbUp05ukARDufQnockKQYOwesWiYbIZeTsQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.976536064e+09
unknown2
AAAABAAAAAEAAANEAAAAAgAAAqkAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/c/qqdownload/update/others/2021/12/3215234_
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
watermark
100000

Targets

- Target
  
  ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
- Size
  
  4.5MB
- MD5
  
  22dae34bbb5f71141542cb92c9abbd6f
- SHA1
  
  798d36d8f5f357fb8f2dc1d52a367f13d8721fcd
- SHA256
  
  ad13edebad6e7f683c487f94d4d4d4209cea770a9dfc757df8a94d9059d75cfd
- SHA512
  
  57be7b21852f7c47cab82c0eb27f3eb07d3dbe9b9790598c4b8baecbaf4767fdeac5e7ac1bb41eb4b328ad870d5c170d5844998345ed9cfa11814ea6ddad2ccd
- SSDEEP
  
  49152:aAPuOT+3x3Dwarb/T2vO90d7HjmAFd4A64nsfJcIrJ6d0lZETpvoCFEFKwKl81RP:Y3DrmCZ/G8pE9J
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2