cobaltstrike

General

Target

ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
Size

2.8MB
Sample

231231-xq3m4afaf7
MD5

8891a56adac16a116aab1e445a1ff93e
SHA1

6a15ba79aa246374af95bede3c3dd79da06675fe
SHA256

ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
SHA512

bc9ebe4413fd02315c3edfd35a71d0a57ed48c16093bf5f5aa28227916d350ce2c8762271a23c1e20a5eeb06001be46cfaa9026dda95b14d31ee4064da49188c
SSDEEP

49152:fmOml6Cp1GteSFLWwYsISdG8/GNKy7d5arwjPvRELhEka3PsZ:fDLqGteSFLWFSnc5arKP0h3O

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://therealnewhome.com:443/confess.jpgv

Attributes

access_type
512
beacon_type
2048
host
therealnewhome.com,/confess.jpgv
http_header1
AAAAEAAAABhIb3N0OiB0aGVyZWFsbmV3aG9tZS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABFBY2NlcHQ6IGltYWdlL2dpZgAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAcAAAAAAAAACAAAAAMAAAACAAAAB0FXU0FMQj0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABhIb3N0OiB0aGVyZWFsbmV3aG9tZS5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAADQAAAAMAAAACAAAAC2FjY3VtdWxhdGU9AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
17664
polling_time
32
port_number
443
sc_process32
%windir%\syswow64\regsvr32.exe
sc_process64
%windir%\sysnative\regsvr32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZePp64wzXaO8lerDxYgqrvYB+0xe1vO6XLGA0wrOn7kE/xAcidhZnTmaHSEHSktTpvgSTetwf/fYl5gd1yTQT/N+zDtEfxLhdYrc/is5I66azE6L3lStP92swsAJZr5s02LJAvanBQmRLCNOZdZX9Eyf85kalauvKV926nXRyAQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.8457344e+07
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/watch
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 OPR/81.0.4196.31 (Edition Yx 05)
watermark
12345

Targets

- Target
  
  ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
- Size
  
  2.8MB
- MD5
  
  8891a56adac16a116aab1e445a1ff93e
- SHA1
  
  6a15ba79aa246374af95bede3c3dd79da06675fe
- SHA256
  
  ae63d4c7ec4ff55cef79647e573a0307070da4e24fa0d975e920ba5883c52fc9
- SHA512
  
  bc9ebe4413fd02315c3edfd35a71d0a57ed48c16093bf5f5aa28227916d350ce2c8762271a23c1e20a5eeb06001be46cfaa9026dda95b14d31ee4064da49188c
- SSDEEP
  
  49152:fmOml6Cp1GteSFLWwYsISdG8/GNKy7d5arwjPvRELhEka3PsZ:fDLqGteSFLWFSnc5arKP0h3O
Score

10^/10

cobaltstrike 12345 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2