cobaltstrike

General

Target

beacon10-32.exe
Size

281KB
Sample

240723-fnx66azbjj
MD5

182f9873be5028a351da4151a4199a13
SHA1

a466784964eb139de9c46311495ca1868895c0ef
SHA256

09548cb5ce8005bc036e8706e967fe9c7796228031ad319a42ad0d23c1b6be57
SHA512

78b235146fa13f0f2bd78bf4ef8d968562d5ea812e9c66ab9dbc16030afeacbfa351d844217fee6693a1d3f1f63293d5cffe4043d7e26f2eaa9fd0b26c40df89
SSDEEP

3072:LiacBM4uJAeyTIz8w3NVDFG3FTLWPIktPnddC3xKS12D1ZJN3u8a5gcrl9OgN9z6:LiaawJAXjOrFwMPnKxDMru8snOSKXm

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://128.199.15.160:8080/activity

Attributes

access_type
512
host
128.199.15.160,/activity
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
8080
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtCn5iCi+YLOzSHzWWGn0CAC/24ExcoUg5jIv7S+rccrM37+W3/gIZ+1T5oX1w/T0g48YrU+loE6CwdwRc1LfvnnQ0UKhbqNJbtlUAwAvNzQBZTVTQ2iSCmCfLtaZCSOCCFlwCTduzHhF6aaSYk9MAbos7dPjIpXe5atK5+K8EzwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS)
watermark
305419896

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  beacon10-32.exe
- Size
  
  281KB
- MD5
  
  182f9873be5028a351da4151a4199a13
- SHA1
  
  a466784964eb139de9c46311495ca1868895c0ef
- SHA256
  
  09548cb5ce8005bc036e8706e967fe9c7796228031ad319a42ad0d23c1b6be57
- SHA512
  
  78b235146fa13f0f2bd78bf4ef8d968562d5ea812e9c66ab9dbc16030afeacbfa351d844217fee6693a1d3f1f63293d5cffe4043d7e26f2eaa9fd0b26c40df89
- SSDEEP
  
  3072:LiacBM4uJAeyTIz8w3NVDFG3FTLWPIktPnddC3xKS12D1ZJN3u8a5gcrl9OgN9z6:LiaawJAXjOrFwMPnKxDMru8snOSKXm
Score

10^/10

cobaltstrike 0 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2