cobaltstrike

General

Target

d3642eecea152944638ff479dce504550411d7b300ec177581db27c0388d7244
Size

13.0MB
Sample

241120-phcgyawerh
MD5

ef0c64a9259d8b580e491da5d64d6a2c
SHA1

34d75ebb940648e3413976c4c3ba8225070a3226
SHA256

d3642eecea152944638ff479dce504550411d7b300ec177581db27c0388d7244
SHA512

47f622240e0786ba6b7c71abf6e9451091696422eb031b4a43e1c4fe4868105c0d48691be33fd1e590dea0d6f6231d8363dccabd7b889e8e091dce71b19a92de
SSDEEP

196608:ej4dl/Dasue0DNX6y0cwnLdJN78tHHiSQL/unIPJLv2BbDefSe0Q7dM90rzem:ej4dl4exy0hnJJX//uIP4Bbqv0p9

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://123.60.182.88:443/image/

Attributes

access_type
512
beacon_type
2048
host
123.60.182.88,/image/
http_header1
AAAACgAAAEhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKmw7cT0wLjgAAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAABC5qcGcAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAcAAAAAAAAACwAAAAEAAAAELnBuZwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKfQsK6jRqz/XibYZiujs840W/Qin1Mz6NEBz5TJEv973t4FQMuJyQRgs0BwV3BTD6Nw4WVnVmx7gPMtXjPrRbpF1p/B/KKw1IcsGtg4QyjhQ9Wz04eQrnoXcwUuuJxl0Sr+yOvMHJWAgZfjhNo5q5t1chNPa6hCvbP4qmbsqh0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.481970944e+09
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/email/
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)
watermark
305419896

Targets

- Target
  
  d3642eecea152944638ff479dce504550411d7b300ec177581db27c0388d7244
- Size
  
  13.0MB
- MD5
  
  ef0c64a9259d8b580e491da5d64d6a2c
- SHA1
  
  34d75ebb940648e3413976c4c3ba8225070a3226
- SHA256
  
  d3642eecea152944638ff479dce504550411d7b300ec177581db27c0388d7244
- SHA512
  
  47f622240e0786ba6b7c71abf6e9451091696422eb031b4a43e1c4fe4868105c0d48691be33fd1e590dea0d6f6231d8363dccabd7b889e8e091dce71b19a92de
- SSDEEP
  
  196608:ej4dl/Dasue0DNX6y0cwnLdJN78tHHiSQL/unIPJLv2BbDefSe0Q7dM90rzem:ej4dl4exy0hnJJX//uIP4Bbqv0p9
Score

10^/10

cobaltstrike 305419896 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Cobaltstrike family

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2