cobaltstrike

General

Target

45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
Size

932KB
Sample

240309-k1rmcsfc5s
MD5

01c3de79835d5e0822d130478c4709aa
SHA1

782e8ec2dc25c3ea971ce1dcfcf854d6bd13929f
SHA256

45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
SHA512

38b6643a1117ac0763c0e245c9031ba698e522d73d1a59c3b337a33fdab8a0623513be93e1d9acb29aa911a736f530a7344f993f7c4821c71743a54853b13373
SSDEEP

24576:EOT0iqNy1Upc3SmBt/z90mTnCjqKLTjz:FqU1ZBajqKLTjz

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://service-rbj9jdc8-1257582847.nj.apigw.tencentcs.com:443/help

Attributes

access_type
512
beacon_type
2048
host
service-rbj9jdc8-1257582847.nj.apigw.tencentcs.com,/help
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
10000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcDM451tcncv9V4lKHUclW0bT5Fispre6S3sEpNoKuaTUY9bHkNv+vW8s+CqSOx7IxvhqdgoG3bNMEYHtdelAxDMJVyvwRmOZK9RbqWhngvVSPbtYlWZmVTM1rEG9yDcF3ZCxdMvdSSobD/GOxQa7K3Z8Z0Zll2sVuVCi/lkB9aQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/manager
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_07_00) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
watermark
100000000

Targets

- Target
  
  45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
- Size
  
  932KB
- MD5
  
  01c3de79835d5e0822d130478c4709aa
- SHA1
  
  782e8ec2dc25c3ea971ce1dcfcf854d6bd13929f
- SHA256
  
  45e6d1d1801221cd1396e67c99a7d408ebd4cd6b18e918e16ff8dc4b1207782c
- SHA512
  
  38b6643a1117ac0763c0e245c9031ba698e522d73d1a59c3b337a33fdab8a0623513be93e1d9acb29aa911a736f530a7344f993f7c4821c71743a54853b13373
- SSDEEP
  
  24576:EOT0iqNy1Upc3SmBt/z90mTnCjqKLTjz:FqU1ZBajqKLTjz
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2