cobaltstrike | 6b88286b240db5630c98d895fd188d079b4a88790dee601645afab7ae28cc578 | Triage

Submit
Reports

Overview

overview

Static

static

3

!.bin.exe

windows7_x64

!.bin.exe

windows10_x64

Sharing

General

Target

!.bin
Size

5.2MB
Sample

211111-w269zsbhb6
MD5

c1e722db229bd6dd596663f6f08aa654
SHA1

e8f2847b2bc4e1585f47a46161c192caf3978d02
SHA256

6b88286b240db5630c98d895fd188d079b4a88790dee601645afab7ae28cc578
SHA512

b415b68edcc8488f82f1dd9537640b35c22f4321f622cbac59f44fbe22ab36890a3ed13c1bf292c1e417f88ef9d72f79e810cbc114711ed00219304ea341303c

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Static task

static1

Behavioral task

behavioral1

Sample

!.bin.exe

Resource

win7-en-20211104

cobaltstrike backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

!.bin.exe

Resource

win10-en-20211014

cobaltstrike backdoor trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://101.35.100.211:58888/bEIm

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

Targets

- Target
  
  !.bin
- Size
  
  5.2MB
- MD5
  
  c1e722db229bd6dd596663f6f08aa654
- SHA1
  
  e8f2847b2bc4e1585f47a46161c192caf3978d02
- SHA256
  
  6b88286b240db5630c98d895fd188d079b4a88790dee601645afab7ae28cc578
- SHA512
  
  b415b68edcc8488f82f1dd9537640b35c22f4321f622cbac59f44fbe22ab36890a3ed13c1bf292c1e417f88ef9d72f79e810cbc114711ed00219304ea341303c
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy