cobaltstrike | bf591d97f7c18951b57d108d8345d64d4507138fb6030873018a5db6d148af62 | Triage

Sharing

General

Target

B.exe
Size

10.9MB
Sample

240317-nt39csea3z
MD5

f4a469f67581555a53f524a022aacafb
SHA1

364048247f6552cea9b97ab0d66484ebe9446e3c
SHA256

bf591d97f7c18951b57d108d8345d64d4507138fb6030873018a5db6d148af62
SHA512

a4407f648bfa523d7a3249380c1f0deeb3e92cbcbfa0d235a3dd32745d1d8766cfaa1fe99082d09966ef472af4de6db72c794afef5c670c51637608565ba63c1
SSDEEP

196608:9HGyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:95hL3HyGGlj+E3I6Ev0PeR

Score

10^/10

cobaltstrike 305419896 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://192.168.80.148:443/load

Attributes

access_type
512
beacon_type
2048
host
192.168.80.148,/load
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgIjGsyBUcknsvpyDHOgbqNYC3PG3OFLDEVkJAmTR7PQOj270rjgNrtwwi+JXX5TZvn6BKr+y1DdNKfzEdmvWN6Q63zSDZRqUGj1B9caD0979KL2wIw29rN+NUTew90SmOG0MOETnagxiRieWCZPeMK2QHmfbZ1Ysm6nVb5Lfj8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)
watermark
305419896

Targets

- Target
  
  B.exe
- Size
  
  10.9MB
- MD5
  
  f4a469f67581555a53f524a022aacafb
- SHA1
  
  364048247f6552cea9b97ab0d66484ebe9446e3c
- SHA256
  
  bf591d97f7c18951b57d108d8345d64d4507138fb6030873018a5db6d148af62
- SHA512
  
  a4407f648bfa523d7a3249380c1f0deeb3e92cbcbfa0d235a3dd32745d1d8766cfaa1fe99082d09966ef472af4de6db72c794afef5c670c51637608565ba63c1
- SSDEEP
  
  196608:9HGyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:95hL3HyGGlj+E3I6Ev0PeR
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

cobaltstrike305419896backdoortrojan