cobaltstrike

General

Target

32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
Size

3.2MB
Sample

231124-fpvsesff63
MD5

8505de0532f6dcdce9a0eedc15228a50
SHA1

aaf78ac7130521636386cf5b3538af7b831c96c0
SHA256

32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
SHA512

4436b3ad9d1c573f0f0f6811a00887c4e54a0698419f6cf102b5a4043496e47e98bbdc8823e80b7e120906fa9c777cbe40c909c0653a91f63b7a4e48c1781e96
SSDEEP

384:070YVXelUmwKqxUXssZgQ0o9hRJR/JScyriS/UriBP3y86k6aJvZkPq0/X/C3aq5:S0Ibx5

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://cdn.checkavail.space:80/maps/overlaybfpr

Attributes

access_type
512
host
cdn.checkavail.space,/maps/overlaybfpr
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAAMAAAACAAAABF9TUz0AAAACAAAAEFNSQ0hEPUFGPU5PRk9STTsAAAAGAAAABkNvb2tpZQAAAAkAAAAYcT1zYW4lMjBkaWVnbyUyMGNhJTIwem9vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAQAAAA0AAAACAAAACFNSQ0hVSUQ9AAAAAgAAABBTUkNIRD1BRj1OT0ZPUk07AAAABgAAAAZDb29raWUAAAAHAAAAAAAAAA0AAAAFAAAAA2xpZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
6912
polling_time
37500
port_number
80
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZPXyc5X1SZqJC6AxuXPnxJkqiEiLnDd8mEoYUZSyCUiOkst5+Q91822ewD7x4o/85eBwhd8EoUWUQfyotqfzHRak0P4pNM85tfIHB7HJKWxG7orVkSqh/zzHUbRaBsugPVE7LE93OvlsAY4Q1GMY95k+5pU4tm3/4w3HrcjORcwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.646887168e+09
unknown2
AAAABAAAAAEAAAiUAAAAAgAAAe0AAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown3
1.610612736e+09
uri
/maps/search
user_agent
Mozilla/5.0 (Windows NT 6.3; MSIE 9.0; Trident/7.0; rv:11.0) like Gecko Firefox
watermark
1359593325

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
- Size
  
  3.2MB
- MD5
  
  8505de0532f6dcdce9a0eedc15228a50
- SHA1
  
  aaf78ac7130521636386cf5b3538af7b831c96c0
- SHA256
  
  32d48e683861c1a37bce4410adc58d36b86bfda8121ff1deb73ef82008731d90
- SHA512
  
  4436b3ad9d1c573f0f0f6811a00887c4e54a0698419f6cf102b5a4043496e47e98bbdc8823e80b7e120906fa9c777cbe40c909c0653a91f63b7a4e48c1781e96
- SSDEEP
  
  384:070YVXelUmwKqxUXssZgQ0o9hRJR/JScyriS/UriBP3y86k6aJvZkPq0/X/C3aq5:S0Ibx5
Score

10^/10

cobaltstrike 0 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2