cobaltstrike

General

Target

976f57442452cd54cada011c565ada0c01f5b1460e31ee6cea330d210d3e8f50
Size

279KB
Sample

240425-pjnatsaf3t
MD5

af3bae4cd76221a61c7b62787bd430a3
SHA1

4d4433d59861ac64af974658c06f38a49d25c74e
SHA256

976f57442452cd54cada011c565ada0c01f5b1460e31ee6cea330d210d3e8f50
SHA512

71868656bfecbf94a07ba2c7f5910b2657001714bcdd549f3446979238095e14f97225727428a0a16c0112ab7af57e18e2171dc79b74bff9641a2cf81910365b
SSDEEP

6144:Mm9Nqx9EiOhLILUtnCQni/uSxEwK5Svc9KVstF6s:MmYOhELm/i/uStc9KYF6s

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://petapixel.fun:443/activeview_openrtb2/support

Attributes

access_type
512
beacon_type
2048
host
petapixel.fun,/activeview_openrtb2/support
http_header1
AAAAEAAAABNIb3N0OiBwZXRhcGl4ZWwuZnVuAAAACgAAAI9Vc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NwAAAAoAAABdQWNjcGV0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAACBBY2NlcHQtTGFuZ3VhZ2U6IGZyLUNILCBmcjtxPTAuOQAAAAcAAAAAAAAADQAAAAIAAAAPX19pbnNwX3RhcmdscHQ9AAAABgAAAAdDb29raWVzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABNIb3N0OiBwZXRhcGl4ZWwuZnVuAAAACgAAAI9Vc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NwAAAAoAAAA2Q29udGVudC1UeXBlOiBtdWx0aXBhcnQvZm9ybS1kYXRhOyBib3VuZGFyeT0tLS0tLS0tMjUxAAAACgAAACBBY2NlcHQtTGFuZ3VhZ2U6IGZyLUNILCBmcjtxPTAuOQAAAAoAAAAeUmVmZXJlcjogaHR0cHM6Ly9wZXRhcGl4ZWwuZnVuAAAABwAAAAEAAAANAAAAAgAAADotLS0tLS0tMjUxCkNvbnRlbnQtRGlzcG9zaXRpb246IGZvcm0tZGF0YTsgbmFtZT0ic3RhdGVfMSIKAAAAAQAAAAwtLS0tLS0tMjUxLS0AAAAEAAAABwAAAAAAAAANAAAAAgAAAA9fX2luc3BfdGFyZ2xwdD0AAAABAAAAATsAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
6400
polling_time
100000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsWBLNjzzbZzxLaHBYi1Xdq1sFxesOUQJEU34jcyWloeZmqa5eCCTYai7asAK1Zd12IA4DGTZ0Tq18EVcMS2JAzeM5rsfrTNfUloL7T/ahouJTCH3cDJusZ6b1BqPIxsgMEHQIVBXogz/xcxqZ7Cc48X163R0AsBg0XD5EMqOFGwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.589725952e+09
unknown2
AAAABAAAAAEAAADGAAAAAgAABn4AAAANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/activeview_openrtb2/recent-actv/confirm
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
watermark
0

Targets

- Target
  
  976f57442452cd54cada011c565ada0c01f5b1460e31ee6cea330d210d3e8f50
- Size
  
  279KB
- MD5
  
  af3bae4cd76221a61c7b62787bd430a3
- SHA1
  
  4d4433d59861ac64af974658c06f38a49d25c74e
- SHA256
  
  976f57442452cd54cada011c565ada0c01f5b1460e31ee6cea330d210d3e8f50
- SHA512
  
  71868656bfecbf94a07ba2c7f5910b2657001714bcdd549f3446979238095e14f97225727428a0a16c0112ab7af57e18e2171dc79b74bff9641a2cf81910365b
- SSDEEP
  
  6144:Mm9Nqx9EiOhLILUtnCQni/uSxEwK5Svc9KVstF6s:MmYOhELm/i/uStc9KYF6s
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2