cobaltstrike

General

Target

23dc55890bd5e850901c92c1bff95fff
Size

856KB
Sample

231231-ch92zsbhaj
MD5

23dc55890bd5e850901c92c1bff95fff
SHA1

a06e20780d409b93509900b336652f0d2e504a5c
SHA256

ca2cf63bbe9687eb96d05fe81a6aa2b452e38c53640454ac45f62f3d2f18cc46
SHA512

de228f7f7b614f0dc27288602767866324703be1f29c099597069c3572af08389ddaa07678871a84d0743c00612c311429c888694dff97301922aa6cdf6370b4
SSDEEP

1536:cyyzxR7Wgecj7aB5Y+f7WWu+Uyg33puiFBjZB3YtGkTOhtecuTKvMJ0Fu09sf3Q6:cY

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://web.symanteccdn.com:53/_/scs/mail-static/_/js/

Attributes

access_type
512
beacon_type
256
dns_idle
1.34744072e+08
host
web.symanteccdn.com,/_/scs/mail-static/_/js/
http_header1
AAAABwAAAAAAAAADAAAAAgAAAAVPU0lEPQAAAAYAAAAGQ29va2llAAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAAZETlQ6IDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACQAAAA11aT1kMzI0NGM0NzA3AAAACQAAAAtob3A9NjkyODYzMgAAAAkAAAAHc3RhcnQ9MAAAAAoAAAA9Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD11dGYtOAAAAAcAAAAAAAAAAwAAAAIAAAAFT1NJRD0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3840
maxdns
255
polling_time
50000
port_number
53
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBRb6drQE84GpU2j1hqgNtb6/jpxufM6HE1LOOUiemMUsM/z4UmbWhLbgPoflld9u3NWXTIOlOxE9NW53/9EaTNcwG+ac0GyK1Ks67vwXFnHxJtSR0ofbJ2fMuSG//6cRsYvkI15eCv6VKtmtnMZykoGf+6+CQt+9KA2hfKvTTWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
5.37071616e+08
unknown2
AAAABAAAAAEAAAF3AAAAAQAAAPoAAAACAAAABAAAAAIAAAAcAAAAAgAAACQAAAACAAAAEgAAAAIAAAAEAAAAAgAAABwAAAACAAAAJAAAAAIAAAARAAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/mail/u/0/
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)
watermark
305419896

Targets

- Target
  
  23dc55890bd5e850901c92c1bff95fff
- Size
  
  856KB
- MD5
  
  23dc55890bd5e850901c92c1bff95fff
- SHA1
  
  a06e20780d409b93509900b336652f0d2e504a5c
- SHA256
  
  ca2cf63bbe9687eb96d05fe81a6aa2b452e38c53640454ac45f62f3d2f18cc46
- SHA512
  
  de228f7f7b614f0dc27288602767866324703be1f29c099597069c3572af08389ddaa07678871a84d0743c00612c311429c888694dff97301922aa6cdf6370b4
- SSDEEP
  
  1536:cyyzxR7Wgecj7aB5Y+f7WWu+Uyg33puiFBjZB3YtGkTOhtecuTKvMJ0Fu09sf3Q6:cY
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2