cobaltstrike

General

Target

Malware-1.zip
Size

2.1MB
Sample

240514-wjv41agh2s
MD5

17c624245f92ac5bfe4aa7b8b0a5fcf3
SHA1

5f81a3b2923f923a913144009ddb4440ad01c440
SHA256

2c5d003e79e09c518aa19b703b9256a1d99dbae7f78ca06c1525114c5e521793
SHA512

81684ecead216eb4e912c1a8898f47c57e1c54ba03c47c10e8f4373ab9fecffd241d1fd6a5a6f736fb210d50bee5c6d1a770c27c2d1850e1daea8398bc365cd1
SSDEEP

49152:yf8ADgcm8vNoDZRTBakbtxxL3sdkxW5DS5zsmAoOWbB82+e8p:YDgcm5DTBX7xilS5zs3Wz+e8p

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

12345

C2

http://zziveastnews.com:443/map.jpgv

Attributes

access_type
512
beacon_type
2048
host
zziveastnews.com,/map.jpgv
http_header1
AAAAEAAAABZIb3N0OiB6eml2ZWFzdG5ld3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAATQWNjZXB0OiBpbWFnZS94LXBuZwAAAAoAAAAYQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAFdXVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAAEAAAABZIb3N0OiB6eml2ZWFzdG5ld3MuY29tAAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAYQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluAAAABwAAAAEAAAALAAAAAwAAAAQAAAAHAAAAAAAAAAMAAAACAAAADl9fc2Vzc2lvbl9faWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
8448
polling_time
43
port_number
443
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2jAl4/r4IQxEmxC1UNgiW6cGfjQcNftIsoCpl7cFEKmif+MAqsBfttyPBjb9dY86R7EXkT1MhJgR7DmvoTw90pLpSkrQUmhWkqRdN9qBwlflgeL8knPqQ+g00HqsU54iTPWSzM8lCjfDeHdPJrI9C/BZ5iDuSj+8wafkJyWPcPwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
7.8457344e+07
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/rapidiously
user_agent
Mozilla/5.0 (Linux; Android 11; SM-A715F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
watermark
12345

Targets

- Target
  
  wsus.exe
- Size
  
  3.3MB
- MD5
  
  b6680e15c4f36e7b75fc6676bc911667
- SHA1
  
  ac47aa570a47e035fc72e15573521f5ad93433fa
- SHA256
  
  baa50dbdb108e1769c5b0beff7462ea7deb8fd37782a49f0911619bc51d42105
- SHA512
  
  b3cedd9502b40014d31c3c47a639dce50fa6132f2c5ef444e2d56eef268d82c39d7251af40f3e3eda9b12fc410bbcc3ba034b6008acb156ff1b02fd4be0b888d
- SSDEEP
  
  49152:GR9xkSPZ/KeerFSJvQVdXbqYBNr5BC7+wNBVVp5HKEsHd6q5zF51Ol4P/fROAbRU:TFNrTQTVVoHV5zL3MArU2S
Score

10^/10

cobaltstrike 12345 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

Score

3^/10

behavioral1

cobaltstrike12345backdoortrojan

Score

10^/10

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1