cobaltstrike | 235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2023 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3.exe
Size

2.9MB
MD5

9087a4ff80b20002a53d4e5f3a3789be
SHA1

f2a274fc208ff0ee3c5c8208dc37560f364b17ea
SHA256

235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3
SHA512

d06ffaf0589adecfb5a45944baf5fb1dd7b5d18913a1c5a22223eddff080c439c70584ce6f23103c932b758ca868b629411f542e76b1a3608a6036c46e205e54
SSDEEP

6144:nbohmAJS+oKnks2Ru42KKVuDiEgHy2ivoBcI6xSTb3+igmogOKIetNDpWzaiPi9:nU0/IkPIz9FsZw0sbOoBT0i9

Score

10^/10

cobaltstrike 1 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://142.93.77.61:443/_/scs/mail-static/_/js/

Attributes

access_type
512
beacon_type
2048
host
142.93.77.61,/_/scs/mail-static/_/js/
http_header1
AAAABwAAAAAAAAADAAAAAgAAAAVPU0lEPQAAAAYAAAAGQ29va2llAAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAAZETlQ6IDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACQAAAA11aT1kMzI0NGM0NzA3AAAACQAAAAtob3A9NjkyODYzMgAAAAkAAAAHc3RhcnQ9MAAAAAoAAAA9Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD11dGYtOAAAAAcAAAAAAAAAAwAAAAIAAAAFT1NJRD0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3840
maxdns
255
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvsAeKxSgXApnTJfpxsXXIefGGdh28phbk3wEsA5TxlX687DiQ2jDzFPkjcHMTcP65msxcDrEkfgWdX9rGlMEorUwv8ewAMN2Tg5fvhKwXh9YbJVbx6n+jLcUdTAXk/SG7TA5ozu35nPMoSlHRFidSSgXbSo5RKqi/dsFAYB86wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
5.37071616e+08
unknown2
AAAABAAAAAEAAAF3AAAAAQAAAPoAAAACAAAABAAAAAIAAAAcAAAAAgAAACQAAAACAAAAEgAAAAIAAAAEAAAAAgAAABwAAAACAAAAJAAAAAIAAAARAAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/mail/u/0/
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
watermark
1

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3.exe
"C:\Users\Admin\AppData\Local\Temp\235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3.exe"
1⤵
PID:4636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4636-0-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4636-2-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4636-1-0x0000015283D40000-0x0000015283D81000-memory.dmp

Filesize
260KB

Download
memory/4636-3-0x00000152840F0000-0x0000015284143000-memory.dmp

Filesize
332KB

Download
memory/4636-4-0x00000152840F0000-0x0000015284143000-memory.dmp

Filesize
332KB

Download
memory/4636-5-0x00007FF631310000-0x00007FF6315EE000-memory.dmp

Filesize
2.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads