cobaltstrike

General

Target

2e21680205028b178cc7f0d2e2db9d72.virus
Size

281KB
Sample

240917-ja18fa1ele
MD5

2e21680205028b178cc7f0d2e2db9d72
SHA1

8ff1029bb947fde36cb18c79e4490022132d6abb
SHA256

8959484be754f653cad2d2032f0d3990dbe81ad15abd3131f1cfe7444b23164a
SHA512

6ff5b4af41cea682577dc711c3a033432c2cd29e419c5ffcb9ede6b3db1129dd35ce93a9009c581080230b96700277c68e6486a117ca33a15a94754ac84dafcf
SSDEEP

6144:VC/wNRkS+G+YoZgh15P8yGKpQUiEcVAS1OW6PDN5:XNKNGKgpHG3U33

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://192.168.31.216:9999/api/x

Attributes

access_type
512
host
192.168.31.216,/api/x
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
5000
port_number
9999
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/api/y
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
watermark
1359593325

Targets

- Target
  
  2e21680205028b178cc7f0d2e2db9d72.virus
- Size
  
  281KB
- MD5
  
  2e21680205028b178cc7f0d2e2db9d72
- SHA1
  
  8ff1029bb947fde36cb18c79e4490022132d6abb
- SHA256
  
  8959484be754f653cad2d2032f0d3990dbe81ad15abd3131f1cfe7444b23164a
- SHA512
  
  6ff5b4af41cea682577dc711c3a033432c2cd29e419c5ffcb9ede6b3db1129dd35ce93a9009c581080230b96700277c68e6486a117ca33a15a94754ac84dafcf
- SSDEEP
  
  6144:VC/wNRkS+G+YoZgh15P8yGKpQUiEcVAS1OW6PDN5:XNKNGKgpHG3U33
Score

10^/10

cobaltstrike 1359593325 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2