cobaltstrike

General

Target

67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29
Size

315KB
Sample

230920-nnf7msga4s
MD5

cb619d1d1e61eb5b6e715421f81b57f0
SHA1

4971df39d835995be8158678ffe13e2e2cda9298
SHA256

67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29
SHA512

34df41646d675c472ebea0dce5357d7d36803b3a208bd45e8c5505e5fe4e26126094cef544caae7e345d3e1c0336488aa5d9a7eaaa3eee5614e9643ae2910b95
SSDEEP

6144:+cFmH8Rl2zZuHU3ZYQAhu7QZHNeRohUk7:NnRMZQKZwu7Qvao

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\.\pipe\0561f93fd3ec4ba881dfe39ebc290aac
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOIeHpg9IH745cjNp8LHEcT/ncZVjR7NFuJ/O+wtVLnrX4NLmyU69lkkhXd7WzuNy2rTYIaEcW+rqFcLazAeWR1PbMWTK7oEPDKPfEcbsvUojIDyMsJtiSpysjtBiDxd+EAjUgR7EtksUirZANUvND/iGICWQWO2GdYh5/iDZvaQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
100000

Targets

- Target
  
  67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29
- Size
  
  315KB
- MD5
  
  cb619d1d1e61eb5b6e715421f81b57f0
- SHA1
  
  4971df39d835995be8158678ffe13e2e2cda9298
- SHA256
  
  67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29
- SHA512
  
  34df41646d675c472ebea0dce5357d7d36803b3a208bd45e8c5505e5fe4e26126094cef544caae7e345d3e1c0336488aa5d9a7eaaa3eee5614e9643ae2910b95
- SSDEEP
  
  6144:+cFmH8Rl2zZuHU3ZYQAhu7QZHNeRohUk7:NnRMZQKZwu7Qvao
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2