cobaltstrike | 132d7c9fb98d25448d2e7dc93bdca6d804e17a206cf5a49fcbe4b682225a8cdd | Triage

Sharing

General

Target

41aa0081_by_Libranalysis
Size

15KB
Sample

210430-a52jek6x6j
MD5

41aa008185070288d9ed724f7b6d019e
SHA1

c98c994bbd246a7e7393fc3ceb1797a894b31ed0
SHA256

132d7c9fb98d25448d2e7dc93bdca6d804e17a206cf5a49fcbe4b682225a8cdd
SHA512

0cfe8763f8af0778e460b26e6903ef0aa2a8fefe24f3d32c5e731acd516fec5cfdf48a70b356c1ad3145796fec020bf4d35b96831e74cb0ddd64a150598945b0

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.213.170:806/Rpc

Attributes

user_agent
Host: outlook.live.com Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

Targets

- Target
  
  b86f05022834b63e29afc18378b503917c1b271d6254a703e558b72e1dacafc2
- Size
  
  61KB
- MD5
  
  309428cf862018e10264ae249398c09f
- SHA1
  
  226789020acd5998326c0b6b51c6137de9ec827d
- SHA256
  
  b86f05022834b63e29afc18378b503917c1b271d6254a703e558b72e1dacafc2
- SHA512
  
  f1e742031586c5275121623447402d76830ad93b8acec94cf073de824752cbc7b9422a6e0907170378a15f41d62c8dbc7eb1b6c52d892b0011872878e396f823
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan