cobaltstrike | 2234e3fe02b513ca6117481b73aa56552baff9ef2b7d2e06c95df3ec8acd8d40 | Triage

Sharing

General

Target

2234e3fe02b513ca6117481b73aa56552baff9ef2b7d2e06c95df3ec8acd8d40
Size

49KB
Sample

231116-hkv9haga87
MD5

1877009c4af3ed4c434aa2b602acdf5b
SHA1

be00d020787545ec2a1c72dabe14d2824fe80bec
SHA256

2234e3fe02b513ca6117481b73aa56552baff9ef2b7d2e06c95df3ec8acd8d40
SHA512

3b288c9dae1b3c78309fb4e2f1a27a58df173fa804dcb40b2a61cb0d730791da5ce51e5e5ff13e8c2faba9d0068ee46f6719759e1a4a88b98843336d48a0c92c
SSDEEP

768:IViaOS+QmjgPJm+J54eB/Ots+tvaCou4z7FSZBErVvvZICqf4aJWLAg96B99:En+0vTNqsQaCfmFSDqZOf4aSeB/

Score

10^/10

cobaltstrike 0 100000 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://23.105.197.219:4433/dpixel

Attributes

access_type
512
beacon_type
2048
host
23.105.197.219,/dpixel
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
4433
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
watermark
100000

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  安全检查资产上报收集表-20231103/安全检查资产上报收集表-20231103-‮xlsx.scr
- Size
  
  48KB
- MD5
  
  abcca3f54a53769573ea56017d98f83b
- SHA1
  
  ee0d28c358aa299422b92fb648feb7ee9788eef6
- SHA256
  
  bdc2b1fa8b1bfc0a01577f524cf54bf1cea087d39396e915c943d3304fcab03f
- SHA512
  
  a217a2466ea355aa998d8b2f4643246f782e0d5ab01827cf80622b1fcbacbe9c478fb777a1ed510e6170fcdfe7d80519155a769e2d68bf4193894275ce3b6968
- SSDEEP
  
  768:fkzyZG7SI3/5UOwVxzgXs/RH3KYO+eNfcF4Soker6qQ4HyWOPHxT+scX2v:fkziG/ejwYOjNfcqJgqxOZcG
Score

10^/10

cobaltstrike 0 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2
- Target
  
  安全检查资产上报收集表-20231103/安全检查资产上报收集表-20231103.xlsx
- Size
  
  11KB
- MD5
  
  bcb7844128b94a56fdd1a507b4ce6382
- SHA1
  
  d6d168e1ded6d41bec1902b3b9af04d3a2f76b3a
- SHA256
  
  6d81b7976a2dfa69d0136c803ce732522fa5cbed1ae337851d9d7ae0f7ec6472
- SHA512
  
  d1f812dfdfe943f6dbf8f2c8e931fb1488156a8f8002e2cd3d63f2105cf51fcbe3c9cfb86749929cd904bbbedbf1550d4b7955ef50c9bf7aedc253fa0cea66ae
- SSDEEP
  
  192:t9AJ+cpbTjDOeu0pvvgaltjjC4jjWykU1TEAbjD8Q19xfzUYjwJkk4ZCy:t+J+coeu0pvvgavj/jWykoJ1sqPku
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

cobaltstrike0100000backdoortrojan

behavioral3

behavioral4