cobaltstrike

General

Target

beacon.exe
Size

281KB
Sample

240313-3p7tbacg6s
MD5

89b23c7d509345da68098ea9e6750c01
SHA1

5c3b2d20e82ce5556a46bc2bf62d658cf21f48ac
SHA256

ee28c1f6f795cdc260ea36b60a3b9b80e3284752a7503a211034efa04297bb84
SHA512

42a50063c22f117ba5ddafd16613aa00f64c88a01e52de16f958d5731558f4302011b884bdcc7342a3a0b6f55b47517a720022a60f1ed08850153e962a80bef6
SSDEEP

6144:oCAHk7vNMxtRSCuzu02fKblKAJCLuRiE/3OopdmJ5kkkkkkkkiHDC:AcyvRSTujCblKAJCLuRbWmmPkkkkkkk5

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://www.syst1m.tk:2083/tencent.wx.updata.js

Attributes

access_type
512
beacon_type
2048
host
www.syst1m.tk,/tencent.wx.updata.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAAFAAAACF9fY2ZkdWlkAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
8000
port_number
2083
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPqvvKMJoX0wS3ucFriGsjCHAPKYl9KLVUHZZFjitq0fJNZ0TD4RsqetmHYP8Mw6ZPFrtgyZPUh4tsD1820/sQjlY+UMDbP2KV5a4qkcBdapf/tZZIb73EqzxlppryjNowLJZK44hVJIymkuwucguP3BGX7OgBlbO3ec/iFrPyhwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/tencent.pcwx.updata.js
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.5; Author:qwe) like Gecko
watermark
100000

Targets

- Target
  
  beacon.exe
- Size
  
  281KB
- MD5
  
  89b23c7d509345da68098ea9e6750c01
- SHA1
  
  5c3b2d20e82ce5556a46bc2bf62d658cf21f48ac
- SHA256
  
  ee28c1f6f795cdc260ea36b60a3b9b80e3284752a7503a211034efa04297bb84
- SHA512
  
  42a50063c22f117ba5ddafd16613aa00f64c88a01e52de16f958d5731558f4302011b884bdcc7342a3a0b6f55b47517a720022a60f1ed08850153e962a80bef6
- SSDEEP
  
  6144:oCAHk7vNMxtRSCuzu02fKblKAJCLuRiE/3OopdmJ5kkkkkkkkiHDC:AcyvRSTujCblKAJCLuRbWmmPkkkkkkk5
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2