cobaltstrike | 3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c | Triage

Sharing

General

Target

3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
Size

240KB
Sample

231026-qdn6lsbh9z
MD5

4fc8198a4f9bb7fc80ca0b720d4cd067
SHA1

e8b219ad5d20a772f7a0f9f4da4e24667ad8170c
SHA256

3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
SHA512

6c7bb1e7c6773bb80fff8f193f8f4e42b058aace3cef1e6b7bb2097fbf98a320cc9d7d4bb9b9941468a13ea75901b8db12ced86ae089d150a8424db1bd899377
SSDEEP

6144:xcKiFgIvrRjIIRjMFxvaJdQTJ9knQOiON/ZPlYv:xLigSrRFRjMFxvaJWl9WbPmv

Score

10^/10

cobaltstrike 100000 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://service-2iwo0kg3-1306669097.bj.apigw.tencentcs.com:443/assets/code-3d7b701fc6eb.css

Attributes

access_type
512
beacon_type
2048
host
service-2iwo0kg3-1306669097.bj.apigw.tencentcs.com,/assets/code-3d7b701fc6eb.css
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeQ29udGVudC1MYW5ndWFnZTogZGUtREUsIGVuLUNBAAAABwAAAAAAAAADAAAAAgAAAApTRVNTSU9OSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeQ29udGVudC1MYW5ndWFnZTogZGUtREUsIGVuLUNBAAAABwAAAAAAAAADAAAAAgAAAAlKU0VTU0lPTj0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
5
port_number
443
sc_process32
%windir%\syswow64\esentutl.exe
sc_process64
%windir%\sysnative\esentutl.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfep/TSilfG1bUUWvcuoPniqb1ayJJ7CxTyGLdwTWr1+F6B0SgCOmoP0B3HxpBSE7ZDMQlFpGFePb78MYiWM0Ubwtp8aFLt12xutCsDMHUlp/Ti739hMtPwnpSCjqamGEtwELvj02hojLWq6XAtPgEfum9U/yn4RxH0MS9cxOrzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.702512128e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/qiyi
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
watermark
100000

Targets

- Target
  
  3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
- Size
  
  240KB
- MD5
  
  4fc8198a4f9bb7fc80ca0b720d4cd067
- SHA1
  
  e8b219ad5d20a772f7a0f9f4da4e24667ad8170c
- SHA256
  
  3468bbee0e46854f75614c10b0e50c77adf16b1595c63cc66104c123d692a76c
- SHA512
  
  6c7bb1e7c6773bb80fff8f193f8f4e42b058aace3cef1e6b7bb2097fbf98a320cc9d7d4bb9b9941468a13ea75901b8db12ced86ae089d150a8424db1bd899377
- SSDEEP
  
  6144:xcKiFgIvrRjIIRjMFxvaJdQTJ9knQOiON/ZPlYv:xLigSrRFRjMFxvaJWl9WbPmv
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrike100000backdoortrojan

behavioral2

cobaltstrike100000backdoortrojan