Overview

overview

10

Static

static

koba.exe

windows7_x64

8

koba.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    koba.exe

  • Size

    1.3MB

  • Sample

    201112-qhhgc69m42

  • MD5

    9353d01ebee0c3e51ab99756ed0d5858

  • SHA1

    278da5b7c4be0653562efa612198139ec8e3ccb4

  • SHA256

    3f92929879f642470b73488aa719ae8c044a302969d14e70ea1ec2a1fda59bd3

  • SHA512

    df48dea57dcd405713b7bfc4eab0671fee37785f63639a47ba32c13169e4843b6467b29c3b7983c2212c5f0055aabbf8e181e2b97b442bdb488635b9e0562b4a

Score
10/10
cobaltstrikebackdoorpersistencetrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://Uw0soheevahjahsaifae.glowtrow.fun:443/image/

http://bah1tuquaizia9eu3Ume.glowtrow.site:443/created/

http://seudaize6io3Go0quahC.cleans.space:443/static/

Targets

    • Target

      koba.exe

    • Size

      1.3MB

    • MD5

      9353d01ebee0c3e51ab99756ed0d5858

    • SHA1

      278da5b7c4be0653562efa612198139ec8e3ccb4

    • SHA256

      3f92929879f642470b73488aa719ae8c044a302969d14e70ea1ec2a1fda59bd3

    • SHA512

      df48dea57dcd405713b7bfc4eab0671fee37785f63639a47ba32c13169e4843b6467b29c3b7983c2212c5f0055aabbf8e181e2b97b442bdb488635b9e0562b4a

    Score
    10/10
    persistencecobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks