cobaltstrike

General

Target

e69ae2c2fbb29be43bbd107fd6bdceebe9584c5d103d555ea3b618c3aebb9048
Size

166KB
Sample

240417-rt9mxsca57
MD5

c319a302b51c63b8662ec4a9a3420ca8
SHA1

a125f70f3ea0bc36c8205247140c5df1145369a3
SHA256

e69ae2c2fbb29be43bbd107fd6bdceebe9584c5d103d555ea3b618c3aebb9048
SHA512

6ffe20be1c0cb39f7064e44252b5335fefcc573a01d68206a09e85dfe654d7c7e1c6d35d6cd9222890193e327a3d2b9932d8902de70b4d805cb68a7b4fc4f9d6
SSDEEP

3072:mJcTlJdOL3stHDHuEnw0P+WWDsVI7sB0EpKuT38YXn4eIjeyV+iucg:vBJq8NHu4wkvW4znk+3/3oucg

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://0.0xo.lat:2083/massaction.html

Attributes

access_type
512
beacon_type
2048
host
0.0xo.lat,/massaction.html
http_header1
AAAAEAAAAA9Ib3N0OiAwLjB4by5sYXQAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAMAAAACAAAABUhTSUQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAAA9Ib3N0OiAwLjB4by5sYXQAAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAABVBY2NlcHQtRW5jb2Rpbmc6IGd6aXAAAAAKAAAAGENvbnRlbnQtVHlwZTogdGV4dC9wbGFpbgAAAAcAAAABAAAADwAAAAMAAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9984
polling_time
61882
port_number
2083
sc_process32
%windir%\syswow64\runonce.exe
sc_process64
%windir%\sysnative\runonce.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzsonrmxliSNkZLrIr1jUfT2tvoGJcP2qf+n6vp+e1XiDRxysmU+LwwkZG13AMH8IfOLb6j0rTjZ9aDe0sbY1nV0Pr58cWJ75gBpoIbbzv+1/rpx+Ou3A/EPLL31F0HGSYyW1zXOHw+UCojPsGGed4ePpfkDSxxIrP302ERHjE7wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
5.10860288e+08
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/be
user_agent
Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)
watermark
100000000

Targets

- Target
  
  2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3.exe
- Size
  
  281KB
- MD5
  
  742af1224952b098f38d3995c3e7ffde
- SHA1
  
  2c1a08cbb43f1ddd3bd6d3ba10c3272a79c3dbb6
- SHA256
  
  2ca06e5fefea1834a8449cac18f856bdee394fedb8baebbc2e490f1e54b46ef3
- SHA512
  
  ff1599c19396114fe6b32e3ae9dc33b73d844dec5e39baf59abe059436db3a2220f4fb9c6c71fd65d4dbff83ef911843854f13c5cb57342a203a69551488ee53
- SSDEEP
  
  6144:mC5JbonlqFcS/yC808EwAgQnVyn0kkE06:PhHZ/v5wEnVyn0k
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2