cobaltstrike

General

Target

363836d71e3bed7147bb78c639b3c55e2b074e06cd1d50c3cbf3cf993a12447e
Size

380KB
Sample

231028-ynzzvsgf7v
MD5

3fb660dc03326047f9e8e9c66a08e60f
SHA1

e9d06d50f338d0d972b598f53fcbac58ecd7c458
SHA256

363836d71e3bed7147bb78c639b3c55e2b074e06cd1d50c3cbf3cf993a12447e
SHA512

8da29df65594e21af9c347c8fbeb02a629c9ed7606a9bbe7d8d82357e20e54e47edaabc07de8710d2da062d7612bc17c47834b2bd80a836a05a4c3580897770b
SSDEEP

6144:ELSEKzLRtQESA8KWtCLcsad0gMGhW4GHn7cQuR:ERs/SA8KWQcsaGJ4

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://162.14.79.219:443/search/

Attributes

access_type
512
beacon_type
2048
host
162.14.79.219,/search/
http_header1
AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAAAAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAkAAAAJZm9ybT1RQlJFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAABAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAcAAAAAAAAADQAAAAUAAAAEZm9ybQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
GET
jitter
5120
polling_time
1000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkTVu6Ae8L33zNEF2hm/sumeHSox40WHuzAPCGHCLjpTugvCjHzl5+VQnpL/ntmS96A6yFoBwd0Op66DPnRqM8EPVz9kLIGoa38YRpz0buMRjH9h8Rv6kiimZavTDsoE+Aq7okrXsvVKfrmQp22xKocx54rlZfh4UHSfXMv5MicQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.82554112e+09
unknown2
AAAABAAAAAEAAANBAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/Search/
user_agent
Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
watermark
391144938

Targets

- Target
  
  363836d71e3bed7147bb78c639b3c55e2b074e06cd1d50c3cbf3cf993a12447e
- Size
  
  380KB
- MD5
  
  3fb660dc03326047f9e8e9c66a08e60f
- SHA1
  
  e9d06d50f338d0d972b598f53fcbac58ecd7c458
- SHA256
  
  363836d71e3bed7147bb78c639b3c55e2b074e06cd1d50c3cbf3cf993a12447e
- SHA512
  
  8da29df65594e21af9c347c8fbeb02a629c9ed7606a9bbe7d8d82357e20e54e47edaabc07de8710d2da062d7612bc17c47834b2bd80a836a05a4c3580897770b
- SSDEEP
  
  6144:ELSEKzLRtQESA8KWtCLcsad0gMGhW4GHn7cQuR:ERs/SA8KWQcsaGJ4
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2