Overview

overview

10

Static

static

40e85653ab...52.exe

windows7_x64

10

40e85653ab...52.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40e85653abe687ddfd95b67a5f5dd452.exe

  • Size

    403KB

  • Sample

    201112-jr2ff5m7fn

  • MD5

    40e85653abe687ddfd95b67a5f5dd452

  • SHA1

    76eccc09ca37441e3f2b85e1bdeedaf33d434f1e

  • SHA256

    5d788fe9005c1db5c67e38ec338c023856c8d71f20e137020fbc292e216d3997

  • SHA512

    78641bfcf5d56f657a4d758807077563b8a80ed1fa6bdbfac65454b2a721474ef3813e189ac1c2a0091cc79bf3ed44252e31f8216598db4cb2c0503171b4be57

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://Uw0soheevahjahsaifae.glowtrow.fun:443/image/

http://bah1tuquaizia9eu3Ume.glowtrow.site:443/created/

http://seudaize6io3Go0quahC.cleans.space:443/static/

Targets

    • Target

      40e85653abe687ddfd95b67a5f5dd452.exe

    • Size

      403KB

    • MD5

      40e85653abe687ddfd95b67a5f5dd452

    • SHA1

      76eccc09ca37441e3f2b85e1bdeedaf33d434f1e

    • SHA256

      5d788fe9005c1db5c67e38ec338c023856c8d71f20e137020fbc292e216d3997

    • SHA512

      78641bfcf5d56f657a4d758807077563b8a80ed1fa6bdbfac65454b2a721474ef3813e189ac1c2a0091cc79bf3ed44252e31f8216598db4cb2c0503171b4be57

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks