cobaltstrike

General

Target

oui.txt
Size

657KB
Sample

240219-km8nqabg52
MD5

7a0345455b6b7d876439cd96ecb5cb42
SHA1

ccf96db006b085ee58f8f25ad777a25e2b21a201
SHA256

bb263c08867fbef300d995919374c18e6834994846779f6c564c204c8cec7fcc
SHA512

9ba8105c7eab7bc4ca7e6a3f9ee18b2eede632afc220ea1069f580a00a536b73654311e782401092fa4f2b3e9176ae52f2da826b2f426028a43a5c686f3ab35c
SSDEEP

12288:0kuO+kSDwueHMVjx8rFxTvDpeMRYGaLsqIv5S:upk0eauTrc2lX4

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://gabecreatenew.com:443/professional.js

Attributes

access_type
512
beacon_type
2048
host
gabecreatenew.com,/professional.js
http_header1
AAAAEAAAABdIb3N0OiBnYWJlY3JlYXRlbmV3LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAHAAAAAAAAAA0AAAADAAAAAgAAAAZfdXRtYT0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABdIb3N0OiBnYWJlY3JlYXRlbmV3LmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADQAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
20224
polling_time
63
port_number
443
sc_process32
%windir%\syswow64\mstsc.exe
sc_process64
%windir%\sysnative\mstsc.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJcGrzJo1VQ2KXXyMfdOtKz4YtWRgIAF8cYYcrE88ucq8ZV4AeE8dyDFekma+XMJDZ2MjIz5UiMlII5k3Q4UTy1YQpgebmFfnKxi7iSv7NTYt8Fmihw/5On7yAgalsgrZJYDB+frCY5Um8zPjqvRZpU3nuKGZYQSZ0y88E+AeR4QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
5.44480256e+08
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/standardized
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 GROW-2135 Safari/537.36 OPR/76.0.4017.222
watermark
12345

Targets

- Target
  
  oui.txt
- Size
  
  657KB
- MD5
  
  7a0345455b6b7d876439cd96ecb5cb42
- SHA1
  
  ccf96db006b085ee58f8f25ad777a25e2b21a201
- SHA256
  
  bb263c08867fbef300d995919374c18e6834994846779f6c564c204c8cec7fcc
- SHA512
  
  9ba8105c7eab7bc4ca7e6a3f9ee18b2eede632afc220ea1069f580a00a536b73654311e782401092fa4f2b3e9176ae52f2da826b2f426028a43a5c686f3ab35c
- SSDEEP
  
  12288:0kuO+kSDwueHMVjx8rFxTvDpeMRYGaLsqIv5S:upk0eauTrc2lX4
Score

10^/10

cobaltstrike 12345 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

Score

1^/10

behavioral1

cobaltstrike12345backdoortrojan

Score

10^/10

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1