cobaltstrike

General

Target

243d389652136a98e7a0bb593fb7804ec765bec1c4e12032b5ffe772fa5382c5
Size

6.5MB
Sample

250519-jq8x8acq4w
MD5

aac8fc34a5767346c0be60309b974589
SHA1

2b294e59ff8eebcde40b345f04a13aae4514c879
SHA256

243d389652136a98e7a0bb593fb7804ec765bec1c4e12032b5ffe772fa5382c5
SHA512

26e55634b53891d7bf4ec1b1211b8f923dbb379c313ae42d7c46768ea7fb7c9e240f2e5f40e31a1f27b9c4d20c6928ec35e12eb0c34fdbf92fd48ae80815f0c1
SSDEEP

196608:4Ao/KmvdsCncngomn9VHGDZCTlSCC4/X9X:QfvaCncnH07mUC4R

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

C2

http://189.1.223.179:80/pJOT

Attributes

user_agent
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40 Host: 360.net

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://189.1.223.179:80/c/msdownload/update/others/2024/10/29136388_

Attributes

access_type
512
host
189.1.223.179,/c/msdownload/update/others/2024/10/29136388_
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAMAAAACAAAACFNFU1NJT049AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAUAAAAJdXBkYXRlX2lkAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
12800
polling_time
3000
port_number
80
sc_process32
%windir%\syswow64\wusa.exe
sc_process64
%windir%\sysnative\wusa.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCSUrGN7hLyGmd8+THYMxuGnFsO2j+BtzhIDHy3GxOKIEfkMEyvzq0cIdqwmo8VzveJ3CgUAm6ssSv7YygDYouYZxsb7ceQX+MKR7VNpCTcemh5108jtVwLJc5Vo0IKrfEmCRmDtaIqFC0bEqTzx4/jLsB/xKCM8lXF7Z68yMRWwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/c/msdownload/update/others/2024/10/28986731_
user_agent
Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
watermark
100000

Targets

- Target
  
  243d389652136a98e7a0bb593fb7804ec765bec1c4e12032b5ffe772fa5382c5
- Size
  
  6.5MB
- MD5
  
  aac8fc34a5767346c0be60309b974589
- SHA1
  
  2b294e59ff8eebcde40b345f04a13aae4514c879
- SHA256
  
  243d389652136a98e7a0bb593fb7804ec765bec1c4e12032b5ffe772fa5382c5
- SHA512
  
  26e55634b53891d7bf4ec1b1211b8f923dbb379c313ae42d7c46768ea7fb7c9e240f2e5f40e31a1f27b9c4d20c6928ec35e12eb0c34fdbf92fd48ae80815f0c1
- SSDEEP
  
  196608:4Ao/KmvdsCncngomn9VHGDZCTlSCC4/X9X:QfvaCncnH07mUC4R
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
- Loads dropped DLL
behavioral1