cobaltstrike

General

Target

b73a0c2f32dbb99514b8c19d6bf7bac6631b22bd18133cee34246f68ec5f9f3b
Size

3.3MB
Sample

231023-f6txfsec8z
MD5

d75b6e2eb4c0b32d994f792c327aaab2
SHA1

6d2406e2e6bc7a5a950a896dece74e7a8cc25fd8
SHA256

b73a0c2f32dbb99514b8c19d6bf7bac6631b22bd18133cee34246f68ec5f9f3b
SHA512

e20c1f650eabb3c6dfbce6e5e246ad09b51b60456ee58fed449e8c39d228e7072ac9b3725360d65df0dca14b4569f3e8f6b8bc966e3d414fcef3348098de36c2
SSDEEP

49152:dMvmQWgAi4Jl/Oh3drciJhuHsv8cRqWkqv4ED:OOQzQD/ipcEVRZv

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://config.dnslogik.com:8443/mp/getapp/msgext

Attributes

access_type
512
beacon_type
2048
host
config.dnslogik.com,/mp/getapp/msgext
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAACFSZWZlcmVyOiBodHRwOi8vbXAud2VpeGluLnFxLmNvbS8AAAAHAAAAAAAAAAMAAAACAAAABU1ZTXp6AAAABgAAAAxYLVdlY2hhdC1VaW4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAI9BY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuOQAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAoAAAAhUmVmZXJlcjogaHR0cDovL21wLndlaXhpbi5xcS5jb20vAAAABwAAAAAAAAADAAAAAgAAAAVNWU16egAAAAYAAAAMWC1XZWNoYXQtVWluAAAABwAAAAEAAAADAAAAAgAAAAhNTWRhdGE9QQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
5000
port_number
8443
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQzecnJRAPh6p98s1qDfvFyh/+NR2r3duROrEqeGgp6EouIkvj9MAgZk9VYBb6iflW2V9XRp2pUHeikwuSEkQOHmktOsm3Ke2s/+NHBRURolOpNIXFcpuhTQaJ8NQqLMbwxdoQSVj3/cL0Ilhq6TKSIiROp2JnMgnvrazZQUGBEwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.532302592e+09
unknown2
AAAABAAAAAIAAAADAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/mp/wapcommon/report
user_agent
WeChat/8.0.5.32 CFNetwork/1237 Darwin/20.4.0
watermark
100000

Targets

- Target
  
  b73a0c2f32dbb99514b8c19d6bf7bac6631b22bd18133cee34246f68ec5f9f3b
- Size
  
  3.3MB
- MD5
  
  d75b6e2eb4c0b32d994f792c327aaab2
- SHA1
  
  6d2406e2e6bc7a5a950a896dece74e7a8cc25fd8
- SHA256
  
  b73a0c2f32dbb99514b8c19d6bf7bac6631b22bd18133cee34246f68ec5f9f3b
- SHA512
  
  e20c1f650eabb3c6dfbce6e5e246ad09b51b60456ee58fed449e8c39d228e7072ac9b3725360d65df0dca14b4569f3e8f6b8bc966e3d414fcef3348098de36c2
- SSDEEP
  
  49152:dMvmQWgAi4Jl/Oh3drciJhuHsv8cRqWkqv4ED:OOQzQD/ipcEVRZv
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2