cobaltstrike

General

Target

8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
Size

2.1MB
Sample

231115-zgp2rafb6s
MD5

859bf6f860060b850a4f290072380211
SHA1

3783a5ba2c65512c6e6c20e1c1a9d6dade1f2257
SHA256

8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
SHA512

d6d4b89296366c95096dd577d421853d08e801cc2f026ffa7f8f296ce421f9f84b777f3dfa5be877cbefabb3f64324375bbdcee86ec6149ef7834d56cb19cb5e
SSDEEP

24576:Vhjm8fc/ZEomkDoldCM3xvmiFfR00k/7PkFKbyrf6:r90u7HFfR0f7ja6

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://geocitesbbc.com:443/callable

Attributes

access_type
512
beacon_type
2048
host
geocitesbbc.com,/callable
http_header1
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAHTFhHVUlEPQAAAAYAAAAGQ29va2llAAAACQAAAA9pbnRlcnJ1cHQ9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAABhDb250ZW50LVR5cGU6IHRleHQvcGxhaW4AAAAHAAAAAQAAAA8AAAADAAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9984
polling_time
42
port_number
443
sc_process32
%windir%\syswow64\w32tm.exe
sc_process64
%windir%\sysnative\w32tm.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLM4J9O0m8TuhWhBdQoftl0i+1WQjhrUo8jlgb4wxjeOVKkNflC1MTu6xKTC/wBhEb0MBMChes1WKMTP1oCIqkmdBUvFpyzW8IRUXQkJ+1Bb4ynGMUd4Js14t35sbJNxhp5lRGsd0jpsQgBqby6GpXot0wRvYxp6p3oLNDY/uPywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.025605888e+09
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/switch
user_agent
Mozilla/5.0 (Linux; Android 11; CPH2127) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
watermark
12345

Targets

- Target
  
  8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
- Size
  
  2.1MB
- MD5
  
  859bf6f860060b850a4f290072380211
- SHA1
  
  3783a5ba2c65512c6e6c20e1c1a9d6dade1f2257
- SHA256
  
  8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
- SHA512
  
  d6d4b89296366c95096dd577d421853d08e801cc2f026ffa7f8f296ce421f9f84b777f3dfa5be877cbefabb3f64324375bbdcee86ec6149ef7834d56cb19cb5e
- SSDEEP
  
  24576:Vhjm8fc/ZEomkDoldCM3xvmiFfR00k/7PkFKbyrf6:r90u7HFfR0f7ja6
Score

10^/10

cobaltstrike 12345 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2