General
-
Target
2024-05-31_7176b18107d741b79247c7270b9506a0_cobalt-strike_cobaltstrike
-
Size
343KB
-
Sample
240531-blx16aae72
-
MD5
7176b18107d741b79247c7270b9506a0
-
SHA1
7c3db74789ab8b18b397cb370502c6d5f435cab4
-
SHA256
68991c189eaae98afa747141380d9502aa4341d28483c0c218e2cac1a4bb3201
-
SHA512
77536b1c09beaf765eee93c6aab95c6ceb3a5881818e5d3bf5335b99b5432c3cc0d17a3916bfd9361a41bbf2cd591dfe775d33ac542f2338bb094c83e7414b12
-
SSDEEP
6144:KAOQBvU4wuLBTl6e8+oVGj4IpQjj4O8769hnPI5xRoQhzYSV7QwuEywn:KAOQBQuLBsyoVGjFGjj18769hQ5voQeQ
Behavioral task
behavioral1
Sample
2024-05-31_7176b18107d741b79247c7270b9506a0_cobalt-strike_cobaltstrike.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2024-05-31_7176b18107d741b79247c7270b9506a0_cobalt-strike_cobaltstrike.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
2029893175
http://10.20.10.105:80/get
-
access_type
512
-
host
10.20.10.105,/get
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
10496
-
polling_time
56171
-
port_number
80
-
sc_process32
%windir%\syswow64\svchost.exe
-
sc_process64
%windir%\sysnative\svchost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIT1frtVzQ67GJ6RBES8Dz7ZhB2LJp7kcIbevK+sIDTeEJor/wBT0drEjHtPIYwo7m4hCBy1F3mx+QTNxORmfEFz8IUpo87NleuDw4Xr+Z4vo7o84zDcCOkVu9oZZIg3BNq+1iHustJZ5z9EKZxwu0Rad5MBm1r3Cb4jEy0dB5UQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.10860288e+08
-
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mobile-ipad-home
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
-
watermark
2029893175
Targets
Target
2024-05-31_7176b18107d741b79247c7270b9506a0_cobalt-strike_cobaltstrike
-
Size
343KB
-
MD5
7176b18107d741b79247c7270b9506a0
-
SHA1
7c3db74789ab8b18b397cb370502c6d5f435cab4
-
SHA256
68991c189eaae98afa747141380d9502aa4341d28483c0c218e2cac1a4bb3201
-
SHA512
77536b1c09beaf765eee93c6aab95c6ceb3a5881818e5d3bf5335b99b5432c3cc0d17a3916bfd9361a41bbf2cd591dfe775d33ac542f2338bb094c83e7414b12
-
SSDEEP
6144:KAOQBvU4wuLBTl6e8+oVGj4IpQjj4O8769hnPI5xRoQhzYSV7QwuEywn:KAOQBQuLBsyoVGjFGjj18769hQ5voQeQ
Score 1/10