cobaltstrike

General

Target

bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
Size

4.8MB
Sample

240221-rw5fzshf65
MD5

545c8f70b824083c4493e8ea6f307680
SHA1

3ef6d2b6af0eaee669b2991c39398e2aba517adc
SHA256

bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
SHA512

45ff4b72692e39b6259069388ebe7fb274481b3ffd479a74191ec37160e79ec7f9f350f391500e75125284ba8fc535e5d8ade6937c06fe96961a26368dfdde1c
SSDEEP

98304:kV7vjyI3n9wEgPq4YImHJ3p6RZv83fNUZlfHhyKkwGK2rs:kJ3nFgPq4YNHJ3YT2glfD7f2

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://10.9.42.86:5555/mall_100_100.html

Attributes

access_type
512
host
10.9.42.86,/mall_100_100.html
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAj0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45AAAACgAAABxVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxAAAACgAAABpSZWZlcmVyOiBodHRwczovLzEwMDg2LmNuLwAAAAcAAAAAAAAADQAAAAIAAAAFQU5JRD0AAAACAAAAGV9fU2VjdXJlLTNQQVBJU0lEPW5vc2tpbjsAAAABAAAAIztDT05TRU5UPVlFUytDTi56aC1DTisyMDIxMDkxNy0wOS0wAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAD5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD1VVEYtOAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAMFJlZmVyZXI6IGh0dHBzOi8vc2hvcC4xMDA4Ni5jbi9tYWxsXzEwMF8xMDAuaHRtbAAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFHNyY2hmcm9tPW5SS2p4elpSUnh4AAAACQAAABJmaWVsZG5hbWU9Q3pMdUV4S2wAAAAJAAAAFHNlYXJjaHNvcnRpZD1NYnpTRW5CAAAABwAAAAEAAAANAAAAAgAAACphaWRfPTUyMjAwNTcwNSZhY2N2ZXI9MSZzaG93dHlwZT1lbWJlZCZ1YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
30000
port_number
5555
sc_process32
%windir%\syswow64\runonce.exe
sc_process64
%windir%\sysnative\runonce.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxjoU7rhDdH22NnxfFmS+4wJTPNlnoZhwvDQcVx3l+EVmYaQi7WoG2v4/Ciov0lm9n6Nn8pNNikam7Wo4rnGBtSFkT1pjZDth/1JI4VT1JCGPAceuhf2S5Q3K9f4MO3W23+m/OJ/8yCWihhxKgL/ivwpGKKngBeUBX0U3j5YFrowIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.03243264e+08
unknown2
AAAABAAAAAEAAAglAAAAAgAACCUAAAACAAACyAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/ajax/recharge/recharge.json
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
watermark
391144938

Targets

- Target
  
  bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
- Size
  
  4.8MB
- MD5
  
  545c8f70b824083c4493e8ea6f307680
- SHA1
  
  3ef6d2b6af0eaee669b2991c39398e2aba517adc
- SHA256
  
  bf7e6cf7ae509c1c37ec0faa0c7c96578894308ba8e8266238dbfec8c70d4f55
- SHA512
  
  45ff4b72692e39b6259069388ebe7fb274481b3ffd479a74191ec37160e79ec7f9f350f391500e75125284ba8fc535e5d8ade6937c06fe96961a26368dfdde1c
- SSDEEP
  
  98304:kV7vjyI3n9wEgPq4YImHJ3p6RZv83fNUZlfHhyKkwGK2rs:kJ3nFgPq4YNHJ3YT2glfD7f2
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2