cobaltstrike

General

Target

ibtusb.exe
Size

5.3MB
Sample

240222-qbq77ahg3x
MD5

44eba36e7384d8acfb71c45ecd76cd2f
SHA1

478b267a1e24b0b89b95e34dd4f9e332cbe245e9
SHA256

0f344424ed7746c3f41e07085d997fc94b3bff5ff4e3007a08400249218af79e
SHA512

d2440215688ca2c41768f6bb0176d579a83379b36d55030a3ca9d9a78bf00d97cbf64216540b7bf1e43f06b8a848bd9bc48f0c97ef43d1ee6439ed85204c1ac5
SSDEEP

98304:4Dnjjk9yqWaZNyRKKYw7ts9CvT5EDeKxW2aFlRpuI:SjjbaORbTps7wru

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1580103824

C2

http://qw.regcssv.com:443/fam_calendar

http://as.regcssv.com:443/fam_calendar

http://zx.regcssv.com:443/fam_calendar

Attributes

access_type
512
beacon_type
2048
host
qw.regcssv.com,/fam_calendar,as.regcssv.com,/fam_calendar,zx.regcssv.com,/fam_calendar
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAAAwAAAAMAAAACAAAAK3dvcmRwcmVzc19lZDFmNjE3YmJkNmMwMDRjYzA5ZTA0NmYzYzFiNzE0OD0AAAAGAAAABkNvb2tpZQAAAAkAAAAJbWQ1PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAlQWNjZXB0LUxhbmd1YWdlOiBlbi1HQjtxPTAuOSwgKjtxPTAuNwAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAADAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9984
polling_time
58745
port_number
443
sc_process32
%windir%\syswow64\WUAUCLT.exe
sc_process64
%windir%\sysnative\WUAUCLT.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUb+e4qIKcYoI+Y1xKjMHzDQfGYWgzOb7mw+L70GWuQk4deptUnuenxtej6a430owXJvcyaF6I5k8YLIVEvAJMqaRG6TNs1jNxTVw8fiAKByNLheFZ/jG4kr7Lq2oS7z4YvGFuIVl4uCXUC91r+9CWmTq0//srllDPwNAFFGbmHwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.272630272e+09
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/mt
user_agent
Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
watermark
1580103824

Targets

- Target
  
  ibtusb.exe
- Size
  
  5.3MB
- MD5
  
  44eba36e7384d8acfb71c45ecd76cd2f
- SHA1
  
  478b267a1e24b0b89b95e34dd4f9e332cbe245e9
- SHA256
  
  0f344424ed7746c3f41e07085d997fc94b3bff5ff4e3007a08400249218af79e
- SHA512
  
  d2440215688ca2c41768f6bb0176d579a83379b36d55030a3ca9d9a78bf00d97cbf64216540b7bf1e43f06b8a848bd9bc48f0c97ef43d1ee6439ed85204c1ac5
- SSDEEP
  
  98304:4Dnjjk9yqWaZNyRKKYw7ts9CvT5EDeKxW2aFlRpuI:SjjbaORbTps7wru
Score

10^/10

cobaltstrike 1580103824 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2