cobaltstrike

General

Target

CF.exe
Size

1.1MB
Sample

240103-fbs2nsega6
MD5

03c815469b5dabdd81b41c903ee4991f
SHA1

f1bcae1d72d85cb40e4a0d2196a41535bb6d8faa
SHA256

556f694bdaff6adf435f8f9b029d4510b886297f0d6ab30a6f2908668bda61aa
SHA512

00eaaace99f349b2f491c35694941eed55a1fee6af55569c7173eb7f789f76c2d0b6f4bdafea1d6c4964db384973ca38c0084a64d8130a56f9c4f2198eb51938
SSDEEP

24576:VbToFmw7U3/u1PrxduqHi//Ng3Ai1EfkcMSgiZ:1TIm5u1Prymitg3AiefkcbtZ

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://a0.awsstatic.com:80/

Attributes

access_type
512
host
a0.awsstatic.com,/
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMWVoNmZrZXdsYXhzNC5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTUwOTc4ODY2Ny4wNDgyODI4ODA3LjU5NTkzMzc1MDAuNzY3MzgxNjc2NS42NTY2Mjk2NzE2LjU7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD05NjIyNDY4NjQ3AAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAI0hvc3Q6IGQxZWg2Zmtld2xheHM0LmNsb3VkZnJvbnQubmV0AAAABwAAAAAAAAAFAAAAA3JpZAAAAAkAAAAObGlkPTQ1Nzk0NjMxMDAAAAAJAAAAH21ldGhvZD1nZXRTZWFyY2hSZWNvbW1lbmRhdGlvbnMAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
970
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCU4Ej/+fRXXgiM8iqMXk/7EEinbIwxij/jzyInJQ4haz7k4G41C1+BI2TpaZASSkYRM9iPBzE6Estft99g/Vy/PTlz3hOW1CdtyMWzZB5Jnni46nhc95YDqTzsbnaoNCIjLbl1sQFr7fCmfKZ8deqUpeVhLpK5//ytPWxsGYp6hwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.382016e+08
unknown2
AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/radio/xmlrpc/v35
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64)
watermark
1359593325

Targets

- Target
  
  CF.exe
- Size
  
  1.1MB
- MD5
  
  03c815469b5dabdd81b41c903ee4991f
- SHA1
  
  f1bcae1d72d85cb40e4a0d2196a41535bb6d8faa
- SHA256
  
  556f694bdaff6adf435f8f9b029d4510b886297f0d6ab30a6f2908668bda61aa
- SHA512
  
  00eaaace99f349b2f491c35694941eed55a1fee6af55569c7173eb7f789f76c2d0b6f4bdafea1d6c4964db384973ca38c0084a64d8130a56f9c4f2198eb51938
- SSDEEP
  
  24576:VbToFmw7U3/u1PrxduqHi//Ng3Ai1EfkcMSgiZ:1TIm5u1Prymitg3AiefkcbtZ
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2