cobaltstrike

General

Target

a0743e616cf310724b8175aa27e7e22d
Size

317KB
Sample

231227-dwtslaefdk
MD5

a0743e616cf310724b8175aa27e7e22d
SHA1

d54e0e53517716d725f5675223ae1dd4c6723b66
SHA256

71f73949614c5e15f2682cf1dbd21688f19e5ba52bc0ed93909eb5346d12652a
SHA512

b2b08116daf0ff45e312dcc0dcd134937f32907ce652985dd5bc3e3d284bd924a73e16ef624163f550bed48790ac137250f1948435c28f528bf3071f6d79cc40
SSDEEP

6144:7JwpYVNcn3pTdNe+WXVi1SB4R7zH2mTK/fN2H5021:7G6cniFiSB4t3K3qd

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://192.168.43.189:80/ucD

Attributes

access_type
512
host
192.168.43.189,/ucD
http_header1
AAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAoAAAAWQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAcAAAAAAAAADQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAoAAAAWQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAcAAAAAAAAADQAAAAEAAABsVU1KakFpTlVVdHZOd3cwbEJqOXR6V2Vnd3BodUluNmhOUDllZUlEZk9yY0hKM25vellGUFQtSmw3V3NtYm1qWm5RWFVlc29Ka2NKa3BkWUVkcWdRRkU2UVpnaldWc0xTU0RvbkwyOERZRFZKAAAADAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
1000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFmBMBEy36k4luvY2SO97E+bxgA1A5GYjk2mhMQPzoQ2oQ9cu4A3nne00/RaKPT1pulvwqKi8HYz1vS4J2eC7EsMVuPhkwYr6zn/fPS49oTc9onKqB2dBi8u6p+2LPrZQBjQIX9A1sw49jrzCcZgGT8yCXSq9zRlS0/PE4bVMvzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/ucW
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) like Gecko
watermark
305419896

Targets

- Target
  
  a0743e616cf310724b8175aa27e7e22d
- Size
  
  317KB
- MD5
  
  a0743e616cf310724b8175aa27e7e22d
- SHA1
  
  d54e0e53517716d725f5675223ae1dd4c6723b66
- SHA256
  
  71f73949614c5e15f2682cf1dbd21688f19e5ba52bc0ed93909eb5346d12652a
- SHA512
  
  b2b08116daf0ff45e312dcc0dcd134937f32907ce652985dd5bc3e3d284bd924a73e16ef624163f550bed48790ac137250f1948435c28f528bf3071f6d79cc40
- SSDEEP
  
  6144:7JwpYVNcn3pTdNe+WXVi1SB4R7zH2mTK/fN2H5021:7G6cniFiSB4t3K3qd
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2