cobaltstrike

General

Target

9d929251de63279c6277862c63317ce8
Size

270KB
Sample

240118-g228psebcm
MD5

9d929251de63279c6277862c63317ce8
SHA1

2902f9deae6aecc5bd3e575bc4d702eaceba441b
SHA256

4c0ed4803eb4f0732c5adbebc42345d2d7f1438ca1f57d9ee56108e9130a1349
SHA512

1c58f0f0400dbd0dc4b301bb06c69af825d054cf18a69b65b3a4e14202f6c186e0b8503fe9226cfe5bd17dfac9d03d1eb6ea73ad45927404efb386b8336f6c55
SSDEEP

3072:+zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zJCGIkfhUYJF6vzH1:+zbUWootfDCvT4ZTXzCLDIk5UDRrKM

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://service-18c6z8nb-1303896379.sh.tencentapigw.cn:443/api/x

Attributes

access_type
512
beacon_type
2048
host
service-18c6z8nb-1303896379.sh.tencentapigw.cn,/api/x
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCc2heXUBrRHG7d32CNZ4unoIajbLUVu1bZqvywGWGDilmp7GWLaHToZCmP+DXpmEjdtXWjgvldKfqhp2CWBfHeQEqtpc/aMtPBTFWQVviD2W5Gv1s4UuXoTiaHrFG5zdt16LRLkHbANUznMedqelWO5BTxuUPCpokB7rX+tuRc8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/y
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
watermark
391144938

Targets

- Target
  
  9d929251de63279c6277862c63317ce8
- Size
  
  270KB
- MD5
  
  9d929251de63279c6277862c63317ce8
- SHA1
  
  2902f9deae6aecc5bd3e575bc4d702eaceba441b
- SHA256
  
  4c0ed4803eb4f0732c5adbebc42345d2d7f1438ca1f57d9ee56108e9130a1349
- SHA512
  
  1c58f0f0400dbd0dc4b301bb06c69af825d054cf18a69b65b3a4e14202f6c186e0b8503fe9226cfe5bd17dfac9d03d1eb6ea73ad45927404efb386b8336f6c55
- SSDEEP
  
  3072:+zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zJCGIkfhUYJF6vzH1:+zbUWootfDCvT4ZTXzCLDIk5UDRrKM
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2