cobaltstrike

General

Target

0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
Size

5.9MB
Sample

231212-bakaxsddg3
MD5

87a929b09075325dda765e2cb9d3d22b
SHA1

ff0217003de40fef22d4b6e8e0366c4177c77e59
SHA256

0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
SHA512

813c202297bf022be93fd659aa5a4ce63c16c23b2585a75cecc3d740ebc892a01f46469b9200a60a1fa5f8ceb2f3c0e8e4ed715ac44c522a7cfa19bbfeb60979
SSDEEP

49152:+eUfzW9lg4sE5iXpi1UplYhXYRGADTBOdFsK4/JWAZe39RK7JtcxorYiTiX8dJNr:eCbkE5MpDZ/JiYtcNg5UA6JE3YrvsWh

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://newstibulum.com:443/market-driven

Attributes

access_type
512
beacon_type
2048
host
newstibulum.com,/market-driven
http_header1
AAAAEAAAABVIb3N0OiBuZXdzdGlidWx1bS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAD1BY2NlcHQtTGFuZ3VhZ2U6IGZyLUNILCBmcjtxPTAuOSwgZW47cT0wLjgsIGRlO3E9MC43LCAqO3E9MC41AAAABwAAAAAAAAADAAAAAwAAAAIAAAAFQ1NSRj0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABVIb3N0OiBuZXdzdGlidWx1bS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABhBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADQAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
5888
polling_time
50
port_number
443
sc_process32
%windir%\syswow64\gpresult.exe
sc_process64
%windir%\sysnative\gpresult.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEu79zcfHVY7ypXZNjl3cFyzq7Tn6e8rqcfowv/sQzcC2Vr/6kLLvY8YvgMUElT16tYuS5o6GE5afOJydlZThiRkMSOhAGjQHZlqXLi8vgLFxJV7mly2zall8jzDd6nC30mBhvkdld10fCqM5wRJ8tfqto3iUVcDjeLIKEy90+LwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.8457344e+07
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/trot
user_agent
Mozilla/5.0 (Linux; Android 10; HD1913) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 Mobile Safari/537.36 EdgA/93.0.961.53
watermark
12345

Targets

- Target
  
  0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
- Size
  
  5.9MB
- MD5
  
  87a929b09075325dda765e2cb9d3d22b
- SHA1
  
  ff0217003de40fef22d4b6e8e0366c4177c77e59
- SHA256
  
  0c28502c4a274420cd77301f2265b62b357769d1988b0a2de2d5fbf507c9d408
- SHA512
  
  813c202297bf022be93fd659aa5a4ce63c16c23b2585a75cecc3d740ebc892a01f46469b9200a60a1fa5f8ceb2f3c0e8e4ed715ac44c522a7cfa19bbfeb60979
- SSDEEP
  
  49152:+eUfzW9lg4sE5iXpi1UplYhXYRGADTBOdFsK4/JWAZe39RK7JtcxorYiTiX8dJNr:eCbkE5MpDZ/JiYtcNg5UA6JE3YrvsWh
Score

10^/10

cobaltstrike 12345 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2