cobaltstrike

General

Target

4a7cdf4272f11179db9ddc00680bdcbab23d1c6a1cb48b5e7663e299bb7d5dbb
Size

364KB
Sample

240113-pdkyhsaadm
MD5

bad09730da2271391d0a0e1282ed250d
SHA1

154b689b43b87448fc1d3da58417746e4fa99624
SHA256

4a7cdf4272f11179db9ddc00680bdcbab23d1c6a1cb48b5e7663e299bb7d5dbb
SHA512

f4ceae31d6fd5682ce0069de7765a3dada8eeccc45d140ffd5be116c87df4644b16ba4b294e8f7fadb37ca9f85772425efd83e6ed1ed34a343691b785f092cf1
SSDEEP

6144:TgvtgVQ+TOZuxd8JK2+upOHHwgBu5ONCqZHgWj4WTpoNyVfH:Tg9+6ZuxG821pKwgw56CCB8WVoNS

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://106.15.45.70:443/center/update_

Attributes

access_type
512
beacon_type
2048
host
106.15.45.70,/center/update_
http_header1
AAAACgAAAA1BY2NlcHQ6IGltYWdlAAAAEAAAAA1Ib3N0OiAzNjAuY29tAAAACgAAABlSZWZlcmVyOiBodHRwczovLzM2MC5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACFNFU1NJT049AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAA1BY2NlcHQ6IGltYWdlAAAAEAAAAA1Ib3N0OiAzNjAuY29tAAAACgAAABlSZWZlcmVyOiBodHRwczovLzM2MC5jb20vAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAAMAAAAFAAAAB1NFU1NJT04AAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2560
polling_time
2000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs+O191/36APxDiTHF2yz8P+JVut5kuz87lIcpuYNeFzKUMj94YwUHBaGTkcyPiaNPqTcO4oZHsaJJibJOnBV5GSorank1oqu//NwEdplDQyKwz2LsC0itNkXivhG0jj24U8EZJmS/lu4cbgYnIdVhypxnRaT4MFX+yf4aTiatgwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.767183616e+09
unknown2
AAAABAAAAAEAAAAIAAAAAgAAAAkAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/center/upload_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
watermark
100000

Targets

- Target
  
  4a7cdf4272f11179db9ddc00680bdcbab23d1c6a1cb48b5e7663e299bb7d5dbb
- Size
  
  364KB
- MD5
  
  bad09730da2271391d0a0e1282ed250d
- SHA1
  
  154b689b43b87448fc1d3da58417746e4fa99624
- SHA256
  
  4a7cdf4272f11179db9ddc00680bdcbab23d1c6a1cb48b5e7663e299bb7d5dbb
- SHA512
  
  f4ceae31d6fd5682ce0069de7765a3dada8eeccc45d140ffd5be116c87df4644b16ba4b294e8f7fadb37ca9f85772425efd83e6ed1ed34a343691b785f092cf1
- SSDEEP
  
  6144:TgvtgVQ+TOZuxd8JK2+upOHHwgBu5ONCqZHgWj4WTpoNyVfH:Tg9+6ZuxG821pKwgw56CCB8WVoNS
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2