cobaltstrike

General

Target

b1cb3316b73321c3c029802ae11079a1b02dd22512072b41bef93e59ae5c795d
Size

1.5MB
Sample

240518-ew5ersbe9x
MD5

d128a8fd255a8d7da5bfb3571df8d468
SHA1

75f3ccbb8ddc827a7c0abc7b50a19b95546870d9
SHA256

b1cb3316b73321c3c029802ae11079a1b02dd22512072b41bef93e59ae5c795d
SHA512

6ce85367759a1cc003eccef016e3719e2f9eae24e84b6f1c1f6ec115076fa1cc50398cf54555025408e66b6ca3c8e5521246347c727b2cc14134245aff069b81
SSDEEP

24576:SGHFNesrDhiQ70kEZxMTCL/IAJwLbueRSwHYgFpR8a1:SEPrDh57tEZxkCL9CbueRrYgFpR8a1

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://8.130.52.13:8899/jquery-3.3.1.min.js

Attributes

access_type
512
host
8.130.52.13,/jquery-3.3.1.min.js
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAADFRlOiB0cmFpbGVycwAAAAoAAAALQWNjZXB0OiAqLyoAAAAKAAAAa1JlZmVyZXI6IGh0dHBzOi8vY24uYmluZy5jb20vaW1hZ2VzL3NlYXJjaD9xPSVFNCVCOCU5NiVFNyU5NSU4QyVFNiU5NyU4NSVFNiVCOCVCOCVFOCU4MyU5QyVFNSU5QyVCMCZmaXJzdD0xAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAC9Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZAAAAAoAAAAbT3JpZ2luOiBodHRwczovL2NuLmJpbmcuY29tAAAACgAAAGtSZWZlcmVyOiBodHRwczovL2NuLmJpbmcuY29tL2ltYWdlcy9zZWFyY2g/cT0lRTQlQjglOTYlRTclOTUlOEMlRTYlOTclODUlRTYlQjglQjglRTglODMlOUMlRTUlOUMlQjAmZmlyc3Q9MQAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFGFwaXR5cGU9a2pSbVdnbGpyUVR2AAAACQAAABRvcmRlcnR5cGU9WG92ZkFyRWdBWQAAAAcAAAABAAAADQAAAAIAAAAqYWlkXz01MjIwMDU3MDUmYWNjdmVyPTEmc2hvd3R5cGU9ZW1iZWQmdWE9AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
16896
polling_time
3000
port_number
8899
sc_process32
%windir%\syswow64\WerFault.exe
sc_process64
%windir%\sysnative\WerFault.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsq1neYcqlkmWzzct+s8KTz+d9AD2a3lqV2EYY2oF9fBIhF5veFLNaI3okxHyTt+MP6kVyLnNugZ0M5ZHX1r7dHzejH0IWxlRPDs/FfsGGOGW92bZKZsl2fXnO6RDAGoXfsIfomlDaegoyDC3BLtkvUFht/T2B7pom/vWgNvAcvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.18408576e+09
unknown2
AAAABAAAAAEAAAY/AAAAAgAABj8AAAACAAADIwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/rewardsapp/ncheader
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
watermark
100000

Targets

- Target
  
  b1cb3316b73321c3c029802ae11079a1b02dd22512072b41bef93e59ae5c795d
- Size
  
  1.5MB
- MD5
  
  d128a8fd255a8d7da5bfb3571df8d468
- SHA1
  
  75f3ccbb8ddc827a7c0abc7b50a19b95546870d9
- SHA256
  
  b1cb3316b73321c3c029802ae11079a1b02dd22512072b41bef93e59ae5c795d
- SHA512
  
  6ce85367759a1cc003eccef016e3719e2f9eae24e84b6f1c1f6ec115076fa1cc50398cf54555025408e66b6ca3c8e5521246347c727b2cc14134245aff069b81
- SSDEEP
  
  24576:SGHFNesrDhiQ70kEZxMTCL/IAJwLbueRSwHYgFpR8a1:SEPrDh57tEZxkCL9CbueRrYgFpR8a1
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2