cobaltstrike

General

Target

74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b
Size

1.2MB
Sample

231023-x7hz1sdf21
MD5

d0c401423eaf087b02d48180944eb434
SHA1

07860d876d105321c08fe61c7eecedfeee0d9b81
SHA256

74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b
SHA512

ffa882360db52dd5ba87e0f53b0c0cad944f746c6cfdc46f4f0200b853415d456a810a5e994464a3c226686a510aa91709e86b689de5187046b3f2d966679aa9
SSDEEP

24576:eA/389X9zMxnH4WVB5s4KQN2LTt8Y0edswcaWeoAuWU0sgGce7o9Pj3Bt:eloMocT9

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://124.220.235.65:14275/j.ad

Attributes

access_type
512
host
124.220.235.65,/j.ad
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybHRyeXRyeWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
37500
port_number
14275
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWYfa6b93hGKApZwTMQJWs6UwXUdlHRw9HDtQ9xBrR/BIygegFGJFjdGTXvX8+A1sQSOnSKNrVvC9Yh0fnNPm9UXGRA940e8rYtM/T5M9+uWsvWV6BHCUoLiUGFKCCoZRaT8AaKc06zDNhDOwxCkWYStQFoNap+IT2hfogLaG5iwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/windebug/updcheck.php
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
watermark
100000

Targets

- Target
  
  74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b
- Size
  
  1.2MB
- MD5
  
  d0c401423eaf087b02d48180944eb434
- SHA1
  
  07860d876d105321c08fe61c7eecedfeee0d9b81
- SHA256
  
  74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b
- SHA512
  
  ffa882360db52dd5ba87e0f53b0c0cad944f746c6cfdc46f4f0200b853415d456a810a5e994464a3c226686a510aa91709e86b689de5187046b3f2d966679aa9
- SSDEEP
  
  24576:eA/389X9zMxnH4WVB5s4KQN2LTt8Y0edswcaWeoAuWU0sgGce7o9Pj3Bt:eloMocT9
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2