cobaltstrike

General

Target

d3c97d4add44c3aeae919206a0e15e91c859b0f2014eefe8c85cf847fad2c132
Size

1.5MB
Sample

240915-nj1qgssbrk
MD5

57aabddfc2bbcd80f9eb07dd30fd9834
SHA1

4b58b33ae527cc9614dea46167d46b6f6ab43334
SHA256

d3c97d4add44c3aeae919206a0e15e91c859b0f2014eefe8c85cf847fad2c132
SHA512

e7e09b4664cd8dd35935f83c6bdf12d92620a172628b1f275f691283e19b391eebe636275d1d29101b0d8bca09db9aa8be6b0e07bdafb25af8c252458b0d7aa0
SSDEEP

24576:RiHgLZUmj/tKNw5j0509GTY+UUcShhKJELdcW1:4Hsemj/tKNKj0C9GTE38a

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://43.156.44.66:20665/jquery-3.3.1.min.js

Attributes

access_type
512
beacon_type
2048
host
43.156.44.66,/jquery-3.3.1.min.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAAFAAAACF9fY2ZkdWlkAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
12800
polling_time
1000
port_number
20665
sc_process32
%windir%\syswow64\WerFault.exe
sc_process64
%windir%\sysnative\WerFault.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXR6dEL2D5D5PA0hFqADKMvQ60p56YoPVQbuEx+kAUCiYpCwNgOc+QWflJNwmd1P+Qqlpsnula1MPg8XFvV1MYBNyzWtyVSkd5+12DwvJ4yQ1itGOOJt/u/dVPodhTlTLl8G//5ibjH/LXduCfPZmQUmL5kApcSCnAe+C21IpP3QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/jquery-3.3.2.min.js
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
watermark
100000

Targets

- Target
  
  d3c97d4add44c3aeae919206a0e15e91c859b0f2014eefe8c85cf847fad2c132
- Size
  
  1.5MB
- MD5
  
  57aabddfc2bbcd80f9eb07dd30fd9834
- SHA1
  
  4b58b33ae527cc9614dea46167d46b6f6ab43334
- SHA256
  
  d3c97d4add44c3aeae919206a0e15e91c859b0f2014eefe8c85cf847fad2c132
- SHA512
  
  e7e09b4664cd8dd35935f83c6bdf12d92620a172628b1f275f691283e19b391eebe636275d1d29101b0d8bca09db9aa8be6b0e07bdafb25af8c252458b0d7aa0
- SSDEEP
  
  24576:RiHgLZUmj/tKNw5j0509GTY+UUcShhKJELdcW1:4Hsemj/tKNKj0C9GTE38a
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2