cobaltstrike | 3515458ab170d51e47c5f9303923fbf578d764884333287701084a7bb19e2bb7 | Triage

Sharing

General

Target

file.0xc887193cf0d0.0xc88717e59010.ImageSectionObject.cs.exe.img
Size

292KB
Sample

240212-1cyc1ace7v
MD5

6811bbfcb04c5815631f75ffde16893e
SHA1

dbb826266d35c858772d2d3d4c29a6be4d1f3906
SHA256

3515458ab170d51e47c5f9303923fbf578d764884333287701084a7bb19e2bb7
SHA512

345d90e5465c9a581f6ae2c160980daaf6a29025ba13b01d6a5aa9bb77f02d41632209efe5dfbc1b400974d5b9f26fd0a26dba6bd7efae29c7cee722ba18a3a1
SSDEEP

6144:+5m4SMVk8n/gbwEJKzyd4w8Z2F6Vx7PXLcQG9:+cTMVkC/2U1U6fLdG9

Score

10^/10

cobaltstrike 391144938 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://198.51.100.33:80/push

Attributes

access_type
512
host
198.51.100.33,/push
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWRNcpRO6NrvOJdZtMYjq77lk0AsCyBsQumR5cFxXjbF7y92EsLp/y8OPJ4yl+dXHAHIjCFoejlq+oG3F4Ll8tazzX49hnk3kYuBkhgHhR4jPnqrCwJy6Senxua/HbT6R9mHJzU1DqFVVEuNsEtqD+2NSslngU+Hdw99MmrvOINwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
watermark
391144938

Targets

- Target
  
  file.0xc887193cf0d0.0xc88717e59010.ImageSectionObject.cs.exe.img
- Size
  
  292KB
- MD5
  
  6811bbfcb04c5815631f75ffde16893e
- SHA1
  
  dbb826266d35c858772d2d3d4c29a6be4d1f3906
- SHA256
  
  3515458ab170d51e47c5f9303923fbf578d764884333287701084a7bb19e2bb7
- SHA512
  
  345d90e5465c9a581f6ae2c160980daaf6a29025ba13b01d6a5aa9bb77f02d41632209efe5dfbc1b400974d5b9f26fd0a26dba6bd7efae29c7cee722ba18a3a1
- SSDEEP
  
  6144:+5m4SMVk8n/gbwEJKzyd4w8Z2F6Vx7PXLcQG9:+cTMVkC/2U1U6fLdG9
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrike391144938backdoortrojan