cobaltstrike | 368d86aa86e6d6622b81c27c2b19402096fcecf6108986bf30b0265f86038439 | Triage

Sharing

General

Target

2024-03-15_a99a2f180d3394056eda95262dc47bd0_ryuk
Size

9.9MB
Sample

240315-d379kahd95
MD5

a99a2f180d3394056eda95262dc47bd0
SHA1

08b22ce743e0d61262ab513b907bd80ed9957fae
SHA256

368d86aa86e6d6622b81c27c2b19402096fcecf6108986bf30b0265f86038439
SHA512

8fc499ef707a2e6020613191b06a25c649c78c2a690ef31834aaa469da34e0df0a567136ebced89aa63024002d7bdbc92227bd7f02b800760367e106464c3977
SSDEEP

196608:bgft1KAa9eBaUiO9u5XOU5PYNJAT8UXlVh/iYofG7rYnFkT3uDlQfC:gvj6e0UZ9u8U5QvrUXN/hGaMnWT3u

Score

10^/10

cobaltstrike 100000 backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://ns1.uabcbattary.com.cn:53/introduction/edr

http://ns2.uabcbattary.com.cn:53/introduction/edr

http://ns3.uabcbattary.com.cn:53/introduction/edr

Attributes

access_type
512
beacon_type
256
dns_idle
1.34744072e+08
host
ns1.uabcbattary.com.cn,/introduction/edr,ns2.uabcbattary.com.cn,/introduction/edr,ns3.uabcbattary.com.cn,/introduction/edr
http_method1
GET
http_method2
POST
jitter
5120
maxdns
255
polling_time
12000
port_number
53
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSAj4+QAAGFW/w4165Jsu5jjWfTxklcMTrw5I9MyComrznseEQBhvjhSy3R5hFwX2C6XenT+fHN722ch6IZhDgXaMnVjfm2eZBRptFfZ+l4YcjdZo0lunaiNBlcMv+IsfVGd3RvSyBa6cuiNODLZlK1U+W+slnOAbKBkeWrlisBQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.103793152e+09
watermark
100000

Targets

- Target
  
  2024-03-15_a99a2f180d3394056eda95262dc47bd0_ryuk
- Size
  
  9.9MB
- MD5
  
  a99a2f180d3394056eda95262dc47bd0
- SHA1
  
  08b22ce743e0d61262ab513b907bd80ed9957fae
- SHA256
  
  368d86aa86e6d6622b81c27c2b19402096fcecf6108986bf30b0265f86038439
- SHA512
  
  8fc499ef707a2e6020613191b06a25c649c78c2a690ef31834aaa469da34e0df0a567136ebced89aa63024002d7bdbc92227bd7f02b800760367e106464c3977
- SSDEEP
  
  196608:bgft1KAa9eBaUiO9u5XOU5PYNJAT8UXlVh/iYofG7rYnFkT3uDlQfC:gvj6e0UZ9u8U5QvrUXN/hGaMnWT3u
Score

10^/10

cobaltstrike backdoor trojan 100000
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrike100000backdoortrojan