cobaltstrike | e1b2bfa60387c79a35552e534d0c77220dac00f4a4486404456d28c8b5e91095 | Triage

Sharing

General

Target

e1b2bfa60387c79a35552e534d0c77220dac00f4a4486404456d28c8b5e91095
Size

10KB
Sample

241230-r6nwzsxpal
MD5

b78d5a70083a1e7cc1c430606857e139
SHA1

e1c53596e416010fc588aacd5f8c508eb3f7b083
SHA256

e1b2bfa60387c79a35552e534d0c77220dac00f4a4486404456d28c8b5e91095
SHA512

b9518feada3019d5b12aa971826aaa721e5434482dbfa7e4b7633832f3eff28c24ed480e0df0dc03f10c8c6c2cc8724c073aa3402ca209af0293a7582641cc39
SSDEEP

96:14jJ0VFcoT7mNrkuN2Lutc7mNrkuN2LleAbE/x0K8C8YfsRpBFqtqtgIgkAand45:1HPn+2nROx0K8CFMBOGAand6TNCBJ

Score

10^/10

cobaltstrike metasploit

Malware Config

Extracted

Family

cobaltstrike

C2

http://ntkvgtnp-1001.asse.devtunnels.ms:443/_/passApi/js/wrapper.js

Attributes

user_agent
Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://ntkvgtnp-1001.asse.devtunnels.ms:443/passApi/js/wrapper.js

Targets

- Target
  
  e1b2bfa60387c79a35552e534d0c77220dac00f4a4486404456d28c8b5e91095
- Size
  
  10KB
- MD5
  
  b78d5a70083a1e7cc1c430606857e139
- SHA1
  
  e1c53596e416010fc588aacd5f8c508eb3f7b083
- SHA256
  
  e1b2bfa60387c79a35552e534d0c77220dac00f4a4486404456d28c8b5e91095
- SHA512
  
  b9518feada3019d5b12aa971826aaa721e5434482dbfa7e4b7633832f3eff28c24ed480e0df0dc03f10c8c6c2cc8724c073aa3402ca209af0293a7582641cc39
- SSDEEP
  
  96:14jJ0VFcoT7mNrkuN2Lutc7mNrkuN2LleAbE/x0K8C8YfsRpBFqtqtgIgkAand45:1HPn+2nROx0K8CFMBOGAand6TNCBJ
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

cobaltstrikemetasploit

behavioral1

behavioral2