cobaltstrike

General

Target

8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
Size

8.3MB
Sample

231026-pk9kfsdd42
MD5

547812b55e623a1af8565c9c26289019
SHA1

6e10c2bb4bf13f924133c69cafc3fa14c990b2f6
SHA256

8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
SHA512

43c109627cd846d05fdeb34fcdb045ca8b54008cf202d3a0e577c50f8afe21fe6076942454c27ad69a40c3bccf6c2288eedc1441d4e81fcb369304216d53ecda
SSDEEP

196608:hqaJnq7iIE7SRpoOQjMy89onJ5hrZEnhbJMFjfWPZYipII/KHKA:pNq7iIE7YojQy89c5hlEnhyFzWPZY8K

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://103.234.72.74:80/ptj

Attributes

access_type
512
host
103.234.72.74,/ptj
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybHRyeXRyeWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
37500
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPxVlBaGI4obe2z04qn+7a1HHvNEcc2uuUx8A1vtcLoA/MFTUpUAmA2Qs3QqTGjaNAhTW5nEG1x2X8WCOY2334WSaUxWsYXK88UZ2GWdiKiR8q851lzWvNh0ArfveFFQF+845wP/aJQ1Kv1bHUpxP+w0zFwKbKdVwuaZHF5dIHCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/windowsxp/updcheck.php
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
watermark
100000

Targets

- Target
  
  8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
- Size
  
  8.3MB
- MD5
  
  547812b55e623a1af8565c9c26289019
- SHA1
  
  6e10c2bb4bf13f924133c69cafc3fa14c990b2f6
- SHA256
  
  8ace6478292024e7a772bd773da0f588c86bb9d7fecc6a8383dfb9ba4cfe16fd
- SHA512
  
  43c109627cd846d05fdeb34fcdb045ca8b54008cf202d3a0e577c50f8afe21fe6076942454c27ad69a40c3bccf6c2288eedc1441d4e81fcb369304216d53ecda
- SSDEEP
  
  196608:hqaJnq7iIE7SRpoOQjMy89onJ5hrZEnhbJMFjfWPZYipII/KHKA:pNq7iIE7YojQy89c5hlEnhyFzWPZY8K
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2