cobaltstrike

General

Target

ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5
Size

340KB
Sample

240924-yyxbqawelh
MD5

0b3cda042f608c61daac8c3fe445f54b
SHA1

66fb45fe9382a53123f2170aa877f7e41951ff07
SHA256

ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5
SHA512

3b2d6fc5bd01c6d9196aa3129370c964d096794f8af972bb67c23f4e6172bdd89ca60ba994c39acc1c0c3d59ffe7907bc7ae613abc536658009793247a13e5e8
SSDEEP

6144:+keuH6hJkJNM0LtC8Jn819/KYjzXK+io+zphONfC33jxsVn5eNJamOP:N9BJNrC8m/KYXa5j9AC33UZ

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\.\pipe\ntsvcs1b
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4pA/olT0i4ifz5szWb1GVkccbj10Ivj3xRk4H9m2WHnwVdCczZvOHOWSgFhHRXpPdwVtHDuYFzrYVieWD8ieC2ZRXYF6IQIVN4YwBdYRj3YvHIXqD9AUzlWUC/PvtLoVEOq4FEq8tw/h1ss427LELBF1rLrOhxlrzINghwfYEQQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8192
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
391144938

Targets

- Target
  
  ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5
- Size
  
  340KB
- MD5
  
  0b3cda042f608c61daac8c3fe445f54b
- SHA1
  
  66fb45fe9382a53123f2170aa877f7e41951ff07
- SHA256
  
  ba8bd780a80a17e674a0b3690d6e03ac3328646cf54c7d629b8998ec8bd53ba5
- SHA512
  
  3b2d6fc5bd01c6d9196aa3129370c964d096794f8af972bb67c23f4e6172bdd89ca60ba994c39acc1c0c3d59ffe7907bc7ae613abc536658009793247a13e5e8
- SSDEEP
  
  6144:+keuH6hJkJNM0LtC8Jn819/KYjzXK+io+zphONfC33jxsVn5eNJamOP:N9BJNrC8m/KYXa5j9AC33UZ
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2