Overview

overview

10

Static

static

339c7ac759...02.exe

windows7_x64

10

339c7ac759...02.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502

  • Size

    17KB

  • Sample

    210507-lrffjyl1w6

  • MD5

    60a1bfe619b2dc1cec9f3f61762255f4

  • SHA1

    0c71506f28da58c9c90a0008eafae21309f729b7

  • SHA256

    339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502

  • SHA512

    1bbeddebc065360a49b0cea2a0e876a6237baca850cb75f73ee94fb6c37858c0c2f1274fe9a5a4ee2a8e739a3385d389ba702130a8dea98adde4043820bc926c

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://95.181.157.170:80/uNIQ

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)

Targets

    • Target

      339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502

    • Size

      17KB

    • MD5

      60a1bfe619b2dc1cec9f3f61762255f4

    • SHA1

      0c71506f28da58c9c90a0008eafae21309f729b7

    • SHA256

      339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502

    • SHA512

      1bbeddebc065360a49b0cea2a0e876a6237baca850cb75f73ee94fb6c37858c0c2f1274fe9a5a4ee2a8e739a3385d389ba702130a8dea98adde4043820bc926c

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks