cobaltstrike | 3c67ab82720d3b7d1436b386b7240c9dcccf595137850ceab3135370038f83e6 | Triage

Submit
Reports

Overview

overview

Static

static

8

插件升级.exe

windows7_x64

8

插件升级.exe

windows10_x64

Sharing

General

Target

3c67ab82720d3b7d1436b386b7240c9dcccf595137850ceab3135370038f83e6.rar
Size

4.7MB
Sample

201112-vh8wx53p8x
MD5

16ad9d9f563bc5f3a4e6feef496035a8
SHA1

6b2037d73b7afcd9869a86b282783a483df7f100
SHA256

3c67ab82720d3b7d1436b386b7240c9dcccf595137850ceab3135370038f83e6
SHA512

4229f290351e947cfdd6bba0c0303c8d4cb757bd40d6ca3a42897d5394a66b0c473e536c02b8859ccd8506075240cf2ed986aea0a93d5c0d2497781af8c43b20

Score

10^/10

cobaltstrike backdoor persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

插件升级.exe

Resource

win7v20201028

persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

插件升级.exe

Resource

win10v20201028

cobaltstrike backdoor persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  插件升级.exe
- Size
  
  148KB
- MD5
  
  76da6b8def232c26d12c0d7510d395cf
- SHA1
  
  7bc2bdb08a9ef794d5ab454e43e31f003f953b91
- SHA256
  
  1ad6475af8ddde5f8b1be0ace9c7bc9db6edf5ed37f47bc0056e68e53d17227a
- SHA512
  
  1de410712646b7f3ed2e07db834a62467ce7e54e5816e635c6e0102997448bf0364871fd17d28d2aa926abf8d06f26ebab5b7957d61ebd8a11b2a2083fa084e0
Score

10^/10

persistence upx cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtCreateProcessExOtherParentProcess
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoorpersistencetrojanupx

© 2018-2024

Terms | Privacy