Overview

overview

10

Static

static

051243b7e0...in.exe

windows7_x64

10

051243b7e0...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d.bin

  • Size

    7.1MB

  • Sample

    210728-zxva93ldea

  • MD5

    ab75f4edb052dbb0ec99f5f8308c8202

  • SHA1

    7f885b74a03bafc5a8349837d140214f75023d78

  • SHA256

    051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d

  • SHA512

    6b0fb6c41e396f939d7aac04753b330eb6625f6098178c17ba96ed23d3a3c10b829c5cc4451d4c4acb5ca714672ca75beeeeca8d2af3e59d7ef8595091c2ddf5

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://8.136.4.131:6666/NsLP

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)

Targets

    • Target

      051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d.bin

    • Size

      7.1MB

    • MD5

      ab75f4edb052dbb0ec99f5f8308c8202

    • SHA1

      7f885b74a03bafc5a8349837d140214f75023d78

    • SHA256

      051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d

    • SHA512

      6b0fb6c41e396f939d7aac04753b330eb6625f6098178c17ba96ed23d3a3c10b829c5cc4451d4c4acb5ca714672ca75beeeeca8d2af3e59d7ef8595091c2ddf5

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks