cobaltstrike | 9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e | Triage

Submit
Reports

Overview

overview

Static

static

9ed5007030...0e.dll

windows7_x64

9ed5007030...0e.dll

windows10_x64

Sharing

General

Target

9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e
Size

652KB
Sample

211125-rjg5xsage7
MD5

9b24c5978918a68a8682c6526ca48a7b
SHA1

2fd14cc60f99a4a53838f284b847c4df5b1b651c
SHA256

9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e
SHA512

417cb8a22c34afef0ad2b478f2cf0fa4d04c1c58e69e9082d3738c015bf6d9e16ec6601643d80021849e382ebba760fc62656f96290b9179bb40d78071adea1e

Score

10^/10

cobaltstrike flawedgracerat backdoor persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e.dll

Resource

win7-en-20211014

cobaltstrike flawedgracerat backdoor persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e.dll

Resource

win10-en-20211104

cobaltstrike flawedgracerat backdoor persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e
- Size
  
  652KB
- MD5
  
  9b24c5978918a68a8682c6526ca48a7b
- SHA1
  
  2fd14cc60f99a4a53838f284b847c4df5b1b651c
- SHA256
  
  9ed5007030c018feaaba6c9e7f668b9c296652ef29d6f4bd39703421ec769b0e
- SHA512
  
  417cb8a22c34afef0ad2b478f2cf0fa4d04c1c58e69e9082d3738c015bf6d9e16ec6601643d80021849e382ebba760fc62656f96290b9179bb40d78071adea1e
Score

10^/10

cobaltstrike flawedgracerat backdoor persistence rat trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- FlawedGraceRAT
  FlawedGrace is a full-featured RAT written in C++.
  rat flawedgracerat
- Registers COM server for autorun
  persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- FlawedGraceRat Backdoor
  Detects FlawedGraceRat x64 backdoor in memory.
  backdoor
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikeflawedgraceratbackdoorpersistencerattrojan

behavioral2

cobaltstrikeflawedgraceratbackdoorpersistencerattrojan

© 2018-2024

Terms | Privacy