cobaltstrike

General

Target

kill.exe
Size

9.4MB
Sample

231103-zmv5ysab9z
MD5

7789af65bd1cb65e7d95fc73131cc163
SHA1

b85d5afadbbaaa68d87474b557b40625f45082e5
SHA256

fef8bedd7483b42690e33572cbf581640c842e9ebf2cd2d790036982a8f0b80b
SHA512

b664eefd98c38124871859177e6b858a333bb2ab9f9bc0adde867b071ea1634504f7dedd39eceadeca6ca7f0a5a116b8e27771e069b40ff860e1205a9bc4f400
SSDEEP

196608:YzJOUBVhdvW0bF7FoRE2nNuWJysVYvsOFIQLOMIdiwrUXIZV/t77:GY0V71FeREWEWJRL/dR/B

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://m0u.online:443/js/

Attributes

access_type
512
beacon_type
2048
host
m0u.online,/js/
http_header1
AAAAEAAAABBIb3N0OiBtMHUub25saW5lAAAACgAAABxSZWZlcmVyOiBodHRwczovL2pxdWVyeS5jb20vAAAACgAAAI9BY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNwAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAAAy5qcwAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABBIb3N0OiBtMHUub25saW5lAAAACgAAAI9BY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNwAAAAoAAAAmQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0AAAAKAAAAHFJlZmVyZXI6IGh0dHBzOi8vanF1ZXJ5LmNvbS8AAAAKAAAAEFByYWdtYTogbm8tY2FjaGUAAAAKAAAAF0NhY2hlLUNvbnRyb2w6IG5vLWNhY2hlAAAABwAAAAAAAAALAAAAAQAAAAMuanMAAAAMAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
7500
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMiTfjuuxXvwPpZ4RijHWO8ZB7GbU59ERkKBT5jbwdzwiFxypx3lV9PyOgOQxIC9mrd9jwbolqhZSoVe1g8rTb+T3xGk3JOoVDlGUSVFxVCTfDwGIOdNJqsQeZbi/DVcyWwLAaMXTFCMVdVVjBRTEC6U6L0YvheYII8DhTYn+r1wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
391144938

Targets

- Target
  
  kill.exe
- Size
  
  9.4MB
- MD5
  
  7789af65bd1cb65e7d95fc73131cc163
- SHA1
  
  b85d5afadbbaaa68d87474b557b40625f45082e5
- SHA256
  
  fef8bedd7483b42690e33572cbf581640c842e9ebf2cd2d790036982a8f0b80b
- SHA512
  
  b664eefd98c38124871859177e6b858a333bb2ab9f9bc0adde867b071ea1634504f7dedd39eceadeca6ca7f0a5a116b8e27771e069b40ff860e1205a9bc4f400
- SSDEEP
  
  196608:YzJOUBVhdvW0bF7FoRE2nNuWJysVYvsOFIQLOMIdiwrUXIZV/t77:GY0V71FeREWEWJRL/dR/B
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2