cobaltstrike

General

Target

14554646166.zip
Size

597KB
Sample

240125-3g4rpaaehm
MD5

f3ffbe22e915baa5685bdaffbf352148
SHA1

8f38eb79b855b72f4403d46d483f69135ee9811f
SHA256

55148714c8eb7e28f159d3d75b7b70954002058ad586ccf3dac091667c0d3a66
SHA512

b8475454072cab32a0c1cfb8cc7a83faace7e31ce546385ff7d4f98aa15ed3962a5dca37ac64203e672fb1b6e9287cdc4538682d839d301e0912ee6c3fe8d39c
SSDEEP

12288:TVfY1NHk33xGZiQKx5qv6Yz83JAwZKQsHpDd6wDrIjD:TVfY1O3UKx5qaZ99sHp55O

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://homegroupstack.com:443/nod

Attributes

access_type
512
beacon_type
2048
host
homegroupstack.com,/nod
http_header1
AAAAEAAAABhIb3N0OiBob21lZ3JvdXBzdGFjay5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAACZBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzIGd6aXAgZGVmbGF0ZQAAAAoAAAAqQWNjZXB0LUxhbmd1YWdlOiBkYSwgZW4tZ2I7cT0wLjgsIGVuO3E9MC43AAAABwAAAAAAAAALAAAAAwAAAAIAAAAGZnNzaWQ9AAAABgAAAAZDb29raWUAAAAJAAAACmp1bXA9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABhIb3N0OiBob21lZ3JvdXBzdGFjay5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABlBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzAAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAcAAAABAAAACwAAAAMAAAACAAAABmJydXNoPQAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
6400
polling_time
48
port_number
443
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYLh2G739mZQaynQyHXOTt0qJ/mXHDV4M3AII3C5+/xQEMBZSOqeRpAy+Xw0CP4n6mIQmbhgFXolA1VZ3Y5Mxk+1vQQlc1rxE0+gCIBOb+skRYoP7a6p5QF0zPCTRklA0A35sp3D85TrrltViKQfOYB+0u38obSqu9GVyGRpWxywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.941654272e+09
unknown2
AAAABAAAAAIAAAFTAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/bore
user_agent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
watermark
12345

Targets

- Target
  
  3e2f5aa0ac14191d983982d46ac1a77c9e4b36b6d5fd71cc26bf19cb29c4723a
- Size
  
  953KB
- MD5
  
  01b81300fb48995f22c65560ed0cfd05
- SHA1
  
  0f8e6ce7f89b3557c6cc42defa322a3f225fb5fe
- SHA256
  
  3e2f5aa0ac14191d983982d46ac1a77c9e4b36b6d5fd71cc26bf19cb29c4723a
- SHA512
  
  e1250645732c015ed7a73cc36e208155a6069e255add973546b84234196a1d4257ba91bc0ebb7df817304cab15cf4c5ab33479bcb9967079e3d669901b3a3d07
- SSDEEP
  
  12288:PWw5VIzYZYsnJkfrBtyvILchTxo58WIuj/J6XNi/VqXjD3WDyPSHuec2yie1ESye:Pr5xbS5c2yie1ESytvDMNDKahlnUb
Score

10^/10

cobaltstrike 12345 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2