cobaltstrike | 179e81026bfc0421775578051b9cfc7ad231f84cdcada263fa64aa6f685aaf36 | Triage

Sharing

General

Target

2b2ea98683faa0604702b3fe02e3a7219b452435a76ce28dd621b542fa3e477e.zip
Size

112KB
Sample

240726-2b5w5asalh
MD5

90ea8c738c8a5de592f3a0f516d36a83
SHA1

d063353503b89f2cfcacdcc0c8769e08cc4eb62e
SHA256

179e81026bfc0421775578051b9cfc7ad231f84cdcada263fa64aa6f685aaf36
SHA512

c03d49d7a9d77aee7cae0d51eed5e1aa08cee849b7117cee0d0cce4b04ac5640516bc465c3d2a929859b36ae08c04aca4b0f83f93544952a4b39f5c8cce1fdf2
SSDEEP

3072:EMwzRAEyKFQ3CNYernDXEHj7FT8dWXQ8LXPWdxP:/LtKJYerDXAj77XQ8LXUP

Score

10^/10

cobaltstrike 305419896 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://192.168.145.130:80/cm

Attributes

access_type
512
host
192.168.145.130,/cm
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTUlJ7J79z/MkkV8+MsYlOvREE2hhdGNzrKPFZ10lY0K5legA+um5JxESEaC0woDgSmOGrkh1giz/aQwd6tG4mihFgpi0oIbfwu6XZbE6ghYGyu2F7+A5TifRUzvU0YLXjK78EW12XhjHx4KopMF/AtOAueGwfiI2DmXwNzrBDvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
watermark
305419896

Targets

- Target
  
  2b2ea98683faa0604702b3fe02e3a7219b452435a76ce28dd621b542fa3e477e
- Size
  
  204KB
- MD5
  
  4514b7fea1b8bb31a923564ff8ee8cd9
- SHA1
  
  a5789df1bb1dcbbc061c617065e5bee1d3719824
- SHA256
  
  2b2ea98683faa0604702b3fe02e3a7219b452435a76ce28dd621b542fa3e477e
- SHA512
  
  5fa623c17172ba7d0a3790b9e46aaea75276f586aebb9a848f8c8fa5a024870741835781538caa7c584253038c36195a81a0253f0fbec2e8c05ebcb3b37fa498
- SSDEEP
  
  3072:5dFna2JSkcrnYSdM50RAXSPy0qUiS0Lxh5H4evyzUhjQUY5ND:FRYkcrY4MCIt07iPlvU0jo
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

305419896cobaltstrike

behavioral1

behavioral2