cobaltstrike

General

Target

ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
Size

1.5MB
Sample

240222-jdd73seg32
MD5

e031cc975c57a61b74d8f08bb61a9c53
SHA1

2dfb1233292301ed5181e5242382f5ac98135c3b
SHA256

ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
SHA512

e02237de35d52795acb3cad0685ba58aab157f68cf8d32115d1d5c1db9a5bd5373e841934233ceb4414c0e2d193f1d60dcad2581634dfd842b7012d566844354
SSDEEP

24576:TMyeCDG5zyeXom9Lmko8BB9CQExDbrWjoGPbGPka:4xAG5zy2oj99+joGPUk

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://120.79.167.191:443/api/v1/server/user/info

Attributes

access_type
512
beacon_type
2048
host
120.79.167.191,/api/v1/server/user/info
http_header1
AAAACgAAAHlBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45AAAACgAAABtTZWMtRmV0Y2gtU2l0ZTogc2FtZS1vcmlnaW4AAAAKAAAAElNlYy1GZXRjaC1Vc2VyOiA/MQAAAAoAAAAfUmVmZXJlcjogaHR0cHM6Ly93d3cuYmFpZHUuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IHpoLUNOLHpoO3E9MC45AAAABwAAAAAAAAADAAAAAgAAADNCSURVUFNJRD1DQjQ5MDYyMkUwNkVENzM1NDQ3MDhGQTZFQzhENzE0OTsgQkFJRFVJRD0AAAABAAAAZTpGRz0xOyBCRF9IT01FPTE7IFpGWT1tSG5SeTpBVUxsVzJWQWZZbjhjUG1nRFJxQ3NCalZ0SVM0UVZmZVYzUjFWQTpDOyBkZWxQZXI9MDsgQkRfQ0tfU0FNPTE7IFBTSU5PPTE7AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABpYLUNsaWVudC1WZXJzaW9uOiAyMDIxMDgwMwAAAAoAAAApQWNjZXB0OiBhcHBsaWNhdGlvbi9qc29uLCB0ZXh0L3BsYWluLCAqLyoAAAAKAAAAG1NlYy1GZXRjaC1TaXRlOiBzYW1lLW9yaWdpbgAAAAoAAAAUU2VjLUZldGNoLU1vZGU6IGNvcnMAAAAKAAAAH1JlZmVyZXI6IGh0dHBzOi8vYmJzLmJhaWR1LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAACAAAAEF9fYmFpX2R1aWQ9Rk49MDoAAAABAAAAOzpGRz0xO1BTU0lEPTFfYmNkNTY3ZTA5NjdmODNhMmY0ZGZlYjlhYmJkMGZkMWYxNjY3MjY5NTgwNzg2AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAACAAAAWXsiZXZlbnRfdHlwZSI6ImxvYWQiLCJwYWdlIjowMSwidXNlcl9mcm9tIjoid2ViIiwiZXZlbnRfbmFtZSI6InZpc2l0ZWQtaG9tZSIsImxvZ19pbmZvIjoiAAAAAQAAABUiLCJjb2RlIjoiMTE2MDgyMzg4In0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
5120
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCishNvc3gsVc6u/ZLU7CfOlhOG+8Kgqpj3/oi9BPSIn+AaLcu1RE9FE7Pi9pDP4hUAIfxHgKQvPysVhIRVGFQ62+6T80TAWqV9f3HJPmlqmANPKd8J7lKGgRKD2qSzceQgxDK6aVjV1ROQA3UWGYWJPZw5+s/Ci3809qif6ziUUQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8.44502272e+08
unknown2
AAAABAAAAAEAAAAlAAAAAgAAALUAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/v1/server/log
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
watermark
100000

Targets

- Target
  
  ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
- Size
  
  1.5MB
- MD5
  
  e031cc975c57a61b74d8f08bb61a9c53
- SHA1
  
  2dfb1233292301ed5181e5242382f5ac98135c3b
- SHA256
  
  ef559f93e3f3f8c473884b3a17813d2f5697f0aa800d3619777f6fd821438283
- SHA512
  
  e02237de35d52795acb3cad0685ba58aab157f68cf8d32115d1d5c1db9a5bd5373e841934233ceb4414c0e2d193f1d60dcad2581634dfd842b7012d566844354
- SSDEEP
  
  24576:TMyeCDG5zyeXom9Lmko8BB9CQExDbrWjoGPbGPka:4xAG5zy2oj99+joGPUk
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2