cobaltstrike

General

Target

c70506380b264c568de4fabeb1e66e40573c826abfa8dad44ec2c8a140bde899.exe
Size

1.4MB
Sample

240519-kxb3habc4x
MD5

6b6a7815d05a2a54240d9d9a7410a025
SHA1

b53b747a0cc653ec99d685b6e5a3bee2ddc63b2c
SHA256

c70506380b264c568de4fabeb1e66e40573c826abfa8dad44ec2c8a140bde899
SHA512

257dc5b33430fd614720b4ab3d66756cd758a52c15decca7b6b2fe80bd60168ccd9caa72d35001ffda49cff57a113f746cb4f6c9995e54cb94e1064a0249b664
SSDEEP

24576:RyFAbEr5R1czxX5TkB1NN/O59B675fcF6kyKa/D:Kga5R68y6Qab

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://service-0xgb0mzs-1317544938.gz.tencentapigw.com.cn:443/api/x

Attributes

access_type
512
beacon_type
2048
host
service-0xgb0mzs-1317544938.gz.tencentapigw.com.cn,/api/x
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
1000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTN3bT8NJ0fEKrdSBxYZaEUo+LHW1kw2GMEUQ57BVhsz9BfFMtncyRie6VuHQXiJjB+Qo380pgukMIHbJdnl/ctsiMNQetoFzFjNZomiRgBQK6ne30XZVdi8h5AAeq4bHdhV+SjcvmVZQXT5bqaHeZOxH9iB9CQiR0RuuZZS6I8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/y
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
watermark
100000000

Targets

- Target
  
  c70506380b264c568de4fabeb1e66e40573c826abfa8dad44ec2c8a140bde899.exe
- Size
  
  1.4MB
- MD5
  
  6b6a7815d05a2a54240d9d9a7410a025
- SHA1
  
  b53b747a0cc653ec99d685b6e5a3bee2ddc63b2c
- SHA256
  
  c70506380b264c568de4fabeb1e66e40573c826abfa8dad44ec2c8a140bde899
- SHA512
  
  257dc5b33430fd614720b4ab3d66756cd758a52c15decca7b6b2fe80bd60168ccd9caa72d35001ffda49cff57a113f746cb4f6c9995e54cb94e1064a0249b664
- SSDEEP
  
  24576:RyFAbEr5R1czxX5TkB1NN/O59B675fcF6kyKa/D:Kga5R68y6Qab
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2