cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a.zip
Size

130KB
Sample

240624-cq3ymsvdmg
MD5

80ef1f77c3e040b9bcac37fd3465b9ea
SHA1

793c0b4bea03296b1c8bf4c7c405e01f8fb4ceca
SHA256

4f9338525f02535c0761bc42337a4edec07f93d593c3f1cb6f25a11835ebefba
SHA512

b6570dc79f84b3fb06a0dc66a19ea11a6750dd0b7f2bca5303c573ff24ef29f5bb70b882e1004e4dcb0cd82241bf7182403bff18f599f1d6930dbedc31b5b09f
SSDEEP

3072:GyNoEebapKIcd5EUlcEqxpzDOioXGI4ihPwTyrIlXxtSc:1N1RKIcd5PeESxGRQyri+c

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

987654321

http://123.207.217.199:60080/g.pixel

Attributes

access_type
512
beacon_type
2048
host
123.207.217.199,/g.pixel
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
60080
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl9Ufs3Hc5cfwQAh40fE6N/MHWWfLgRAbrAXXHAVSqQBkn5hAWMgF4J4l2JfS/5abhI7KrV5CoHZsD2UrAA0zNPzK/8BjeHl0fYOPgUVgIfqaADeGn8IS/HUT8mvll8cG4R7dwqXU5+MPJicEehnY11ofxNM+stiet1eAYkvGBFwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
watermark
987654321

Extracted

Family

cobaltstrike

Botnet

Attributes

watermark
0

Targets

- Target
  
  64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a
- Size
  
  272KB
- MD5
  
  6ac8a1de423673f9e0ee02b0655eec03
- SHA1
  
  ebdff66c0899ce01db30e2db7a819ce9f8eeb080
- SHA256
  
  64810f5064b27145b9a0c749d2dd0049203d732b926eb56f085f65c6617ef62a
- SHA512
  
  15acb876cd484ee9eb77b60c186d50e428bba2990d0f1e3669e4737c078d3cf9bdd020379f3521d660c16a146b8fe078362e31a644037e6456c3837bc9669b04
- SSDEEP
  
  3072:rzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnL7zPGIkfhUYJF6vzHkQ:rzbUWootfDCvT4ZTXzCLmIk5UDLXrKM
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2