cobaltstrike

General

Target

0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
Size

1.3MB
Sample

240425-pfngesaf66
MD5

c20f533663149bbc6445f384bfdb1a20
SHA1

4bbeefdf52cb04cc62cd92b46a64c8bb090ffe74
SHA256

0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
SHA512

ac73805099f7942a505107333577d85a4aabaa6aefac47c6da8446ce65eaac07c6d142863b0ba4b627d87f7b15b5b6773bda92103bbfdb4b8124e8e7fbd7ba66
SSDEEP

24576:KiGSMfHvYbpnuWcwGKx0X479B675fcGS:HG9vwbpBlPD6

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://8.217.5.38:443/zh

Attributes

access_type
512
beacon_type
2048
host
8.217.5.38,/zh
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAcAAAAAAAAACAAAAAMAAAACAAAADHJlZ19mYl9nYXRlPQAAAAYAAAAGQ29va2llAAAACQAAAAp0ZXJtcz10cnVlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAA9QWNjZXB0LUxhbmd1YWdlOiBmci1DSCwgZnI7cT0wLjksIGVuO3E9MC44LCBkZTtxPTAuNywgKjtxPTAuNQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAALAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
11008
polling_time
63852
port_number
443
sc_process32
%windir%\syswow64\svchost.exe
sc_process64
%windir%\sysnative\svchost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDadoQooa0CO6geLdEGnbpHguDksL7zTPcvykfGu8/EW5atnWVj++UR7liQaNXADaCHy00Z9q+gNJ/gvxK3f3aqGWlTW3KjD6FdsgFGS4xVSmv4Gl3nnec7tbhRkAtYkFY0Op29GSuwa3npmNO4z9oqizsBN88YbFUyqhEXTn4FQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
6.1158912e+08
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/temp
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
watermark
100000000

Targets

- Target
  
  0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
- Size
  
  1.3MB
- MD5
  
  c20f533663149bbc6445f384bfdb1a20
- SHA1
  
  4bbeefdf52cb04cc62cd92b46a64c8bb090ffe74
- SHA256
  
  0277eda5a132c6ac8b3086e66a2c0fed4668c3090a82d50a82276703f65b126e
- SHA512
  
  ac73805099f7942a505107333577d85a4aabaa6aefac47c6da8446ce65eaac07c6d142863b0ba4b627d87f7b15b5b6773bda92103bbfdb4b8124e8e7fbd7ba66
- SSDEEP
  
  24576:KiGSMfHvYbpnuWcwGKx0X479B675fcGS:HG9vwbpBlPD6
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2