cobaltstrike

General

Target

77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
Size

2.7MB
Sample

240425-vsrx9sda63
MD5

d35032ce43f4e7a4df68847200d27ef5
SHA1

59f7c094ce4fd64ba0cd9cbbbf5d6d6a72093c35
SHA256

77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
SHA512

a4a9a694f6daa4a6549fa937c147e17029b824eb1370d8112c4a1b198588fefd7e0b389951c1d66ac5bac818ff9157af9fbbb93096ee197dd043d6eaba609e4e
SSDEEP

49152:2cPrfp5UazeHWIECUQxWO0OCXYgiIvNqb11:ZUaze3V

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://8.141.95.164:45382/mht_image/

Attributes

access_type
512
beacon_type
2048
host
8.141.95.164,/mht_image/
http_header1
AAAACgAAAEhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKmw7cT0wLjgAAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAABC5qcGcAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAcAAAAAAAAACwAAAAEAAAAELnBuZwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
45382
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEZbzcff9JbW4j2x/g8sxgLnunWbGHmo3zR9JkMt0jK+fjwjaNT/mOzuzkVf/b9ewCmrfrKpQ7VriS/9HHUjqL/v5CIgjJ9PqutAmfSq/EZEeWHGnfn5N+Pn0VFOphJom0jX5slvpnPmCF/tRFs0xgSDKQJPQbH+5JLh4koNstzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/mht_email/
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)
watermark
391144938

Targets

- Target
  
  77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
- Size
  
  2.7MB
- MD5
  
  d35032ce43f4e7a4df68847200d27ef5
- SHA1
  
  59f7c094ce4fd64ba0cd9cbbbf5d6d6a72093c35
- SHA256
  
  77dd01dfbc9bbf2ca5291302ec8dc14474c0c99cea205909d5f413dba2030e15
- SHA512
  
  a4a9a694f6daa4a6549fa937c147e17029b824eb1370d8112c4a1b198588fefd7e0b389951c1d66ac5bac818ff9157af9fbbb93096ee197dd043d6eaba609e4e
- SSDEEP
  
  49152:2cPrfp5UazeHWIECUQxWO0OCXYgiIvNqb11:ZUaze3V
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2