cobaltstrike | 83ac4594d1792825e1ac86f2ad942e98dc16b101198153d05dda9d3996f1117f | Triage

Sharing

General

Target

13555199110.zip
Size

153KB
Sample

231213-r75k5aebhn
MD5

d8bee6b1757d8f919cac3a90174dcd75
SHA1

57a281978d83907b411260322163e3b79ad3cf9b
SHA256

83ac4594d1792825e1ac86f2ad942e98dc16b101198153d05dda9d3996f1117f
SHA512

988b5e29a3cadcf815df56362a81e20efe2fdf37ac9f2231a00f31a26b1847fadcf169624bf5936e8821c2023e2b5f516f0869a4c02bcc0cc40808df3455aa60
SSDEEP

3072:HzMKx73nmps8ru8x0YdgBz56fM91quwynchWEpzvOFpG0qRSJdJYYW8x:TMc72uSuhoM91qJynYrv2YSvJU8x

Score

10^/10

cobaltstrike 305419896 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://arress.windowshostnamehost.club:8585/load

Attributes

access_type
512
host
arress.windowshostnamehost.club,/load
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
8585
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkqdHg/Ebl2vtRtNlho+WOcoJ9lHotN4eMNnfu0GHcLLqNs95QLnt6HMeQ/WcQNE0s5wmoD64wS5/k6W/TmYgU8ogys1Oc6fRNtLDM33vxTwI+jrnIp9iAG+L4qrj/JuFzyvZRka9eCM/iRDmU3xVKS0iKzEIVNU/F3Ur+DiRUPwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)
watermark
305419896

Targets

- Target
  
  7a85bb9a1f18fede923da71f295947dffb3b08eed811f81920e1bc01eaa40737
- Size
  
  278KB
- MD5
  
  edf862421a6e7cf3a1e5d113d8cf10fa
- SHA1
  
  1fc7581ce5fdb8a3c774af26400cafa2774ad647
- SHA256
  
  7a85bb9a1f18fede923da71f295947dffb3b08eed811f81920e1bc01eaa40737
- SHA512
  
  0e1f57ea257eac68962efdfdb297c542e107616b76e828ed805c787408e05cdd77ca3d2e32ea62059e27e4213cec5f66a80d40036eeeb3fe0671e8371213d62e
- SSDEEP
  
  6144:RRVSXK+mp6M+T4K1mnj9Ua7YgUFFvlO3G:RvSXK+mp6MuRw9neFvlqG
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrike305419896backdoortrojan

behavioral2

cobaltstrike305419896backdoortrojan