cobaltstrike | 8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695

Analysis

max time kernel
156s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695.exe
Size

2.1MB
MD5

859bf6f860060b850a4f290072380211
SHA1

3783a5ba2c65512c6e6c20e1c1a9d6dade1f2257
SHA256

8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
SHA512

d6d4b89296366c95096dd577d421853d08e801cc2f026ffa7f8f296ce421f9f84b777f3dfa5be877cbefabb3f64324375bbdcee86ec6149ef7834d56cb19cb5e
SSDEEP

24576:Vhjm8fc/ZEomkDoldCM3xvmiFfR00k/7PkFKbyrf6:r90u7HFfR0f7ja6

Score

10^/10

cobaltstrike 12345 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

http://geocitesbbc.com:443/callable

Attributes

access_type
512
beacon_type
2048
host
geocitesbbc.com,/callable
http_header1
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAHTFhHVUlEPQAAAAYAAAAGQ29va2llAAAACQAAAA9pbnRlcnJ1cHQ9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAABhDb250ZW50LVR5cGU6IHRleHQvcGxhaW4AAAAHAAAAAQAAAA8AAAADAAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9984
polling_time
42
port_number
443
sc_process32
%windir%\syswow64\w32tm.exe
sc_process64
%windir%\sysnative\w32tm.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLM4J9O0m8TuhWhBdQoftl0i+1WQjhrUo8jlgb4wxjeOVKkNflC1MTu6xKTC/wBhEb0MBMChes1WKMTP1oCIqkmdBUvFpyzW8IRUXQkJ+1Bb4ynGMUd4Js14t35sbJNxhp5lRGsd0jpsQgBqby6GpXot0wRvYxp6p3oLNDY/uPywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.025605888e+09
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/switch
user_agent
Mozilla/5.0 (Linux; Android 11; CPH2127) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
watermark
12345

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695.exe
"C:\Users\Admin\AppData\Local\Temp\8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695.exe"
1⤵
PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/456-0-0x00007FF7F4180000-0x00007FF7F447C000-memory.dmp

Filesize
3.0MB

Download
memory/456-1-0x000001671EFD0000-0x000001671F01D000-memory.dmp

Filesize
308KB

Download
memory/456-2-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-3-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-4-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-5-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-6-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-7-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-8-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-9-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-10-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-11-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-12-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-14-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-15-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-16-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-19-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-20-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-23-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-24-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-26-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-27-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-28-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-29-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-35-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-36-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-37-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-41-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-42-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-44-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-47-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-48-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-49-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-52-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-53-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-58-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-62-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download
memory/456-65-0x000001671F1B0000-0x000001671F20A000-memory.dmp

Filesize
360KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads