cobaltstrike

General

Target

61b40a6960c50aaa89bdb2c58a39f911b97e5633f7c1e0eb2dded98944ba03b5
Size

341KB
Sample

240925-11n48szglj
MD5

03940bc07f5b974fbf2a01ebb5dae863
SHA1

7d4fed9bcd242936be252add96b2ba18b608f2fd
SHA256

61b40a6960c50aaa89bdb2c58a39f911b97e5633f7c1e0eb2dded98944ba03b5
SHA512

e94a72eaf397f8db7a48fe23b2954ed11ad586f7b105f539f990fa5df624644f4459c261ad1ad78aba679f0be690333f0d1a7ec9bb686d59d7339717f3d229e8
SSDEEP

6144:3MVz6EQhrHRYda28n8e+qOFTtoSDQzlBWWhWh3w95/A:3u8HRYg28n8VlszlBWHw

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

391144938

Attributes

beacon_type
4096
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
polling_time
10000
port_number
22006
sc_process32
%windir%\syswow64\gpupdate.exe
sc_process64
%windir%\sysnative\gpupdate.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4pA/olT0i4ifz5szWb1GVkccbj10Ivj3xRk4H9m2WHnwVdCczZvOHOWSgFhHRXpPdwVtHDuYFzrYVieWD8ieC2ZRXYF6IQIVN4YwBdYRj3YvHIXqD9AUzlWUC/PvtLoVEOq4FEq8tw/h1ss427LELBF1rLrOhxlrzINghwfYEQQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
8192
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
391144938

Targets

- Target
  
  61b40a6960c50aaa89bdb2c58a39f911b97e5633f7c1e0eb2dded98944ba03b5
- Size
  
  341KB
- MD5
  
  03940bc07f5b974fbf2a01ebb5dae863
- SHA1
  
  7d4fed9bcd242936be252add96b2ba18b608f2fd
- SHA256
  
  61b40a6960c50aaa89bdb2c58a39f911b97e5633f7c1e0eb2dded98944ba03b5
- SHA512
  
  e94a72eaf397f8db7a48fe23b2954ed11ad586f7b105f539f990fa5df624644f4459c261ad1ad78aba679f0be690333f0d1a7ec9bb686d59d7339717f3d229e8
- SSDEEP
  
  6144:3MVz6EQhrHRYda28n8e+qOFTtoSDQzlBWWhWh3w95/A:3u8HRYg28n8VlszlBWHw
Score

10^/10

cobaltstrike 391144938 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2