cobaltstrike

General

Target

9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf
Size

66KB
Sample

231130-1xcxssbh4y
MD5

b230d3f6163541cd6d7a37b81b5ce767
SHA1

c59c878e036c9c9815699b3c4c013d9270916f87
SHA256

9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf
SHA512

c67e091636be63764796e3cc1adf99a91025f2dfed20979eb28aae254ba4057222dad8da32305170ae67161530df7bf30f050526d2e1f3edfae3cf3ce007d280
SSDEEP

1536:07JZ1xBxtV6Ta7yXN0ZRvuI2n3V6b1DcfW:IZnDj6Ther0ib

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://192.124.176.11:80/Detect/remove/90J6CLSKNII

Attributes

access_type
512
host
192.124.176.11,/Detect/remove/90J6CLSKNII
http_header1
AAAACgAAACxBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvaHRtbCwgaW1hZ2UvKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBtawAAAAoAAAAdQWNjZXB0LUVuY29kaW5nOiBiciwgaWRlbnRpdHkAAAAHAAAAAAAAAA8AAAAIAAAAAgAAAAZfWERpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACxBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvaHRtbCwgaW1hZ2UvKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBtawAAAAoAAAAdQWNjZXB0LUVuY29kaW5nOiBiciwgaWRlbnRpdHkAAAAHAAAAAAAAAA8AAAAIAAAABQAAAAlfUURQUFVBS1UAAAAHAAAAAQAAAA8AAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
11008
polling_time
87496
port_number
80
sc_process32
%windir%\syswow64\dllhost.exe -o enable
sc_process64
%windir%\sysnative\svchost.exe -k wksvc
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGktUK4DRD7aCXOsVH32pLB/ImDz/KNjrL+/OJ1V8AfM0UVT1k9j/zU1n3fLU/cAgjV6rXCD6OV3S84v9g3/Q3kbW5wBYveEUz4e898IkOUHcsQPBPMngAn2gJSf7beULieGk7TO53S7LztL69Df0d+3ob/Lg5L6ckP5STjDLXywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.191714816e+09
unknown2
AAAABAAAAAEAAAOhAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/Build/rss20/OZ4GHPLCW
user_agent
Mozilla/5.1 (Windows NT 6.2; Win64; x64) AppleWebKit/537.363 (KHTML, like Gecko) Chrome/53.0.2785.1164 Safari/537.365
watermark
100000

Targets

- Target
  
  9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf
- Size
  
  66KB
- MD5
  
  b230d3f6163541cd6d7a37b81b5ce767
- SHA1
  
  c59c878e036c9c9815699b3c4c013d9270916f87
- SHA256
  
  9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf
- SHA512
  
  c67e091636be63764796e3cc1adf99a91025f2dfed20979eb28aae254ba4057222dad8da32305170ae67161530df7bf30f050526d2e1f3edfae3cf3ce007d280
- SSDEEP
  
  1536:07JZ1xBxtV6Ta7yXN0ZRvuI2n3V6b1DcfW:IZnDj6Ther0ib
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2