cobaltstrike | 8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154 | Triage

Submit
Reports

Overview

overview

Static

static

3

8fdcd195bd...54.exe

windows7-x64

8fdcd195bd...54.exe

windows10-2004-x64

Sharing

General

Target

8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
Size

2.5MB
Sample

240524-m11ldaee67
MD5

6bfaa5a65025c9762dbd759cf92272bb
SHA1

1e738b9ba88d27e5a991691c5a60555f2e4af4cc
SHA256

8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
SHA512

f8716ff11bc66c00c7ab472920d1912988c7f846e9e62206198262a243fcda2a0c2cc1542d664e00ff8857d1303a7ba3fb3b15366027ed0b3f62be9e5f9fc351
SSDEEP

49152:nGkfskurb/ThvO90d7HjmAFd4A64nsfJHJWYSrvauegRRYszTz19+tee2owSdGxz:p3WzOYho7fK

Score

10^/10

cobaltstrike 100000000 backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154.exe

Resource

win7-20240221-en

cobaltstrike 100000000 backdoor trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154.exe

Resource

win10v2004-20240426-en

cobaltstrike 100000000 backdoor trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://ns.chinare.cf:53/poll

Attributes

access_type
512
beacon_type
256
dns_idle
1.920103026e+09
host
ns.chinare.cf,/poll
http_method1
GET
http_method2
POST
maxdns
255
polling_time
1000
port_number
53
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqzEJfhNRDTUWc4OFw6QgWMCgtZpCzf+4+RQGYwL9gNHEC7Oh+6fCB3hnfVWpvxm96OVnB0eWJt6P1aNkZxVZ+u6PuqrBRm+Ad5gbjYgujotq7rM44FsmQaZAp8fORER8oRJjuMN1AxEzkj0VjMXZ8LwkT+0lyLqjjmBsdJBcCWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
2.102727936e+09
watermark
100000000

Targets

- Target
  
  8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
- Size
  
  2.5MB
- MD5
  
  6bfaa5a65025c9762dbd759cf92272bb
- SHA1
  
  1e738b9ba88d27e5a991691c5a60555f2e4af4cc
- SHA256
  
  8fdcd195bd829919ba267cb650ddb750fb3ffe30d783f21fea25c3fcccf30154
- SHA512
  
  f8716ff11bc66c00c7ab472920d1912988c7f846e9e62206198262a243fcda2a0c2cc1542d664e00ff8857d1303a7ba3fb3b15366027ed0b3f62be9e5f9fc351
- SSDEEP
  
  49152:nGkfskurb/ThvO90d7HjmAFd4A64nsfJHJWYSrvauegRRYszTz19+tee2owSdGxz:p3WzOYho7fK
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrike100000000backdoortrojan

behavioral2

cobaltstrike100000000backdoortrojan

© 2018-2024

Terms | Privacy