cobaltstrike | 52bbe09c7150ea66269c71bac8d0237fb0e6b0cae4ca63ab19807c310d6a1a0b | Triage

Submit
Reports

Overview

overview

Static

static

Sandra

windows10_x64

Win10Max

windows10_x64

Sharing

General

Target

AnnualReport.exe
Size

441KB
Sample

210203-l7gxbpmxls
MD5

2c00aaba1bad8a20cf1f154646e50878
SHA1

314c5dd041216b0eb130075961ab660004e39fdf
SHA256

52bbe09c7150ea66269c71bac8d0237fb0e6b0cae4ca63ab19807c310d6a1a0b
SHA512

f6b48cb567a808b2b25b113a84476178ae42ffa7f4d47e03f6ca0c3e31762316f539d1913afedb88de28a6164c6551705130f28a66bdedfd4d182cf1cdd37ce0

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

AnnualReport.exe

Resource

win10v20201028

cobaltstrike backdoor trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AnnualReport.exe

Resource

win10v20201028

cobaltstrike backdoor trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cobaltstrike

Version

windows/download_exec

C2

http://topservicebin.com:443/wp-includes/eo.png

Targets

- Target
  
  AnnualReport.exe
- Size
  
  441KB
- MD5
  
  2c00aaba1bad8a20cf1f154646e50878
- SHA1
  
  314c5dd041216b0eb130075961ab660004e39fdf
- SHA256
  
  52bbe09c7150ea66269c71bac8d0237fb0e6b0cae4ca63ab19807c310d6a1a0b
- SHA512
  
  f6b48cb567a808b2b25b113a84476178ae42ffa7f4d47e03f6ca0c3e31762316f539d1913afedb88de28a6164c6551705130f28a66bdedfd4d182cf1cdd37ce0
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy