cobaltstrike

General

Target

80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
Size

2.9MB
Sample

240326-kxh6taef89
MD5

258c9b2fc8dcb0547b08618a00f130f8
SHA1

cb4db6ae7fe7a5e0864ab1ce822b520823123612
SHA256

80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
SHA512

2ebbe29f3d7f48f96657e180b8fe794585afdea8b5a86822fa59806802b124c045345edb67ccdeaafd79dee5bebcd602f4f0b8d5b8168f5862752b480dd06cec
SSDEEP

49152:+RwF8yI4fotnHViwPG9ku/B56xgO7vYFCL5QV:+CrcckXJ7vYFCL5QV

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://39.100.86.42:4443/download/20/ZO2XY7A4BOWU

Attributes

access_type
512
beacon_type
2048
host
39.100.86.42,/download/20/ZO2XY7A4BOWU
http_header1
AAAACgAAADRBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24vanNvbiwgdGV4dC9odG1sAAAACgAAABNBY2NlcHQtTGFuZ3VhZ2U6IGVzAAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzLCAqAAAABwAAAAAAAAAPAAAACAAAAAIAAAAPYXV0aF90b2tlblJQRkQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAADRBY2NlcHQ6IGFwcGxpY2F0aW9uL3htbCwgYXBwbGljYXRpb24vanNvbiwgdGV4dC9odG1sAAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLWllAAAACgAAAB1BY2NlcHQtRW5jb2Rpbmc6IGNvbXByZXNzLCBicgAAAAcAAAAAAAAADwAAAAsAAAAFAAAACV9MRk9DRkZLVQAAAAcAAAABAAAADwAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9984
polling_time
118505
port_number
4443
sc_process32
%windir%\syswow64\Locator.exe
sc_process64
%windir%\sysnative\WUAUCLT.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSQrvehtufcIZXD/TShooFgwFOWEDGt1PjgLY7Pkm38YCJPPcqVS+bDXi6Wzrxm/1Ha5M3qONJ5tfaEQYDXEY+uu0p8HWdN2ONrqMdK9osCGxY7lGfWhdD/DVIVx7YdHBb3UgvdhzeDZn9ShNG/amNf67H1bCxBCmZkM/F6AllhQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
6.78630656e+08
unknown2
AAAABAAAAAEAABDyAAAAAgAADNsAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/Fashion/account/5TQ57I2XMZ9Q
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
watermark
391144938
year
512

Targets

- Target
  
  80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
- Size
  
  2.9MB
- MD5
  
  258c9b2fc8dcb0547b08618a00f130f8
- SHA1
  
  cb4db6ae7fe7a5e0864ab1ce822b520823123612
- SHA256
  
  80788a1b74438e67564781c139996d85167f25f2b3885b094aaebd35fc21c5ec
- SHA512
  
  2ebbe29f3d7f48f96657e180b8fe794585afdea8b5a86822fa59806802b124c045345edb67ccdeaafd79dee5bebcd602f4f0b8d5b8168f5862752b480dd06cec
- SSDEEP
  
  49152:+RwF8yI4fotnHViwPG9ku/B56xgO7vYFCL5QV:+CrcckXJ7vYFCL5QV
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2