cobaltstrike

General

Target

c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
Size

11.8MB
Sample

240329-sgt75sba81
MD5

7ac31190bf802d29201d85b95a7a979c
SHA1

88c4681ad9268570af2fec3fc50d489500504ffa
SHA256

c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
SHA512

00e2156e4ab85617cae29eb22a02724c08b5848797fb0a6bf9be44a3f25eae901a6a6156097a224aa0b44361bbc70b1fce77d409e5f7abfcec331619f1ddba8f
SSDEEP

196608:mW9bTm1k8hkEI/F5D/SFGK1c1W903eV4QRJ993iObM9SEKuLmh6TnW6KJSPG:19bTm28hQfuwW+eGQRT93iOb9cL468Jf

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

987654321

C2

http://74.211.105.140:65443/image/

Attributes

access_type
512
beacon_type
2048
host
74.211.105.140,/image/
http_header1
AAAACgAAAEhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKmw7cT0wLjgAAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAABC5qcGcAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAcAAAAAAAAACwAAAAEAAAAELnBuZwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
65443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo6gjeiOv8ikX8LQ2BCTJHeb2MEsiBxqr6QSSAeosvjFwuNgkR5vYGdSCXPqEO2SXE6rhSsJ2RfvmK49TsMoyOXFvLDHIQUzWdc114peOCH6x/5Zc7dGtq6OUeQN2j2PrUY3N/ggHA++sNQLbX/KnOXTzDHUqFh04+Utxb5dAyhwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/email/
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
watermark
987654321

Targets

- Target
  
  c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
- Size
  
  11.8MB
- MD5
  
  7ac31190bf802d29201d85b95a7a979c
- SHA1
  
  88c4681ad9268570af2fec3fc50d489500504ffa
- SHA256
  
  c020df0b77f8dfa62f37ed491e39a34dba15299f7ad448c69fd3ae9c57dccace
- SHA512
  
  00e2156e4ab85617cae29eb22a02724c08b5848797fb0a6bf9be44a3f25eae901a6a6156097a224aa0b44361bbc70b1fce77d409e5f7abfcec331619f1ddba8f
- SSDEEP
  
  196608:mW9bTm1k8hkEI/F5D/SFGK1c1W903eV4QRJ993iObM9SEKuLmh6TnW6KJSPG:19bTm28hQfuwW+eGQRT93iOb9cL468Jf
Score

10^/10

cobaltstrike 987654321 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2