cobaltstrike | 5b563863e1485dc049c35737168358aa6005d40a4131d8799283d62640f71704

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b563863e1485dc049c35737168358aa6005d40a4131d8799283d62640f71704.exe
Size

2.4MB
MD5

029bc109b2fe5806b14399055e13141b
SHA1

9e2d86738ccf2a71c115741ad7ff60a9e1c5e4ad
SHA256

5b563863e1485dc049c35737168358aa6005d40a4131d8799283d62640f71704
SHA512

abe3dc5a64f4ab4f41a160e1ae16e4b2f2d8ead6da5450dbda6444ed372fd85f59ec6885144530c1bf1dc834cbb3dad09d3360a00f0449d9d74a2468c1b75d1c
SSDEEP

3072:Yq0019AGduuEXLR8RaY4GcIm1sgIkDHQtoI12aG9ZRVuFduz3Tn4cr8wa3Ba:Y8qcuF8RaY4lkSMPG9j3Tn4crn0Ba

Score

10^/10

cobaltstrike 305419896 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

http://123.60.182.88:443/image/

Attributes

access_type
512
beacon_type
2048
host
123.60.182.88,/image/
http_header1
AAAACgAAAEhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKmw7cT0wLjgAAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAABC5qcGcAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAcAAAAAAAAACwAAAAEAAAAELnBuZwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKfQsK6jRqz/XibYZiujs840W/Qin1Mz6NEBz5TJEv973t4FQMuJyQRgs0BwV3BTD6Nw4WVnVmx7gPMtXjPrRbpF1p/B/KKw1IcsGtg4QyjhQ9Wz04eQrnoXcwUuuJxl0Sr+yOvMHJWAgZfjhNo5q5t1chNPa6hCvbP4qmbsqh0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/email/
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)
watermark
305419896

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

C:\Users\Admin\AppData\Local\Temp\5b563863e1485dc049c35737168358aa6005d40a4131d8799283d62640f71704.exe
"C:\Users\Admin\AppData\Local\Temp\5b563863e1485dc049c35737168358aa6005d40a4131d8799283d62640f71704.exe"
1⤵
PID:4584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4584-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4584-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4584-3-0x000001FDD5130000-0x000001FDD5170000-memory.dmp

Filesize
256KB

Download
memory/4584-5-0x000001FDD5170000-0x000001FDD51BC000-memory.dmp

Filesize
304KB

Download
memory/4584-6-0x00007FF7DBA70000-0x00007FF7DBCE2000-memory.dmp

Filesize
2.4MB

Download
memory/4584-7-0x000001FDD5170000-0x000001FDD51BC000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads