cobaltstrike

General

Target

90f6da27de20b69086e94268c03f7a9f99f3695f38a09881ba034b5613e0e262
Size

1.2MB
Sample

240325-cgybssga3z
MD5

255155afa92c39dc303471430641e9b5
SHA1

6a2e66fbd312370ca299b5607ddb0696013a6aee
SHA256

90f6da27de20b69086e94268c03f7a9f99f3695f38a09881ba034b5613e0e262
SHA512

98cfa27ee2b96a7df11cfe312cf81efd38c8bb5487ea2ce5ee5fcfa923419bd5a15061f167a923909cea8bd45b30bbd946a3b11b0b5c674d90c70d47162a898e
SSDEEP

24576:YjrOT0IpR1B+I60mc3TfDgwkIfGFwZV9B675fcF6u:AqxpRd626

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://api.googletagmauager.com:443/js/jquery-3.3.1.min.js

Attributes

access_type
512
beacon_type
2048
host
api.googletagmauager.com,/js/jquery-3.3.1.min.js
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAmQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOCx6aC1UVzsAAAAHAAAAAAAAAA0AAAACAAAAMWh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vd2hhdD9pbmRleHR5cGU9MSZfX2NmZHVpZD0AAAAGAAAAB1JlZmVyZXIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAmQWNjZXB0LUxhbmd1YWdlOiB6aC1DTix6aDtxPTAuOCx6aC1UVzsAAAAHAAAAAAAAAAMAAAACAAAAMWh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vd2hhdD9pbmRleHR5cGU9MSZfX2NmZHVpZD0AAAAGAAAAB1JlZmVyZXIAAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
15360
polling_time
12000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiq8Z3ZIWxdHswMw0xajkaJ2e+dQfrS7bYFyELbcc9MFlaKa9CZr5AKtDtawA/dcT3wfnXpW8PYhFX4nn+18mvfQYmUZns/cdAeGMNCcJw7tMR4HvwolOStcqgsItPH0tMWFw1k+okTzng0m3CUaLzvmohMGPBCKdzGC2vC5mAvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.201256192e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAD7AAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/ajax/js/
user_agent
User-Agent, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
watermark
100000000

Targets

- Target
  
  90f6da27de20b69086e94268c03f7a9f99f3695f38a09881ba034b5613e0e262
- Size
  
  1.2MB
- MD5
  
  255155afa92c39dc303471430641e9b5
- SHA1
  
  6a2e66fbd312370ca299b5607ddb0696013a6aee
- SHA256
  
  90f6da27de20b69086e94268c03f7a9f99f3695f38a09881ba034b5613e0e262
- SHA512
  
  98cfa27ee2b96a7df11cfe312cf81efd38c8bb5487ea2ce5ee5fcfa923419bd5a15061f167a923909cea8bd45b30bbd946a3b11b0b5c674d90c70d47162a898e
- SSDEEP
  
  24576:YjrOT0IpR1B+I60mc3TfDgwkIfGFwZV9B675fcF6u:AqxpRd626
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2