cobaltstrike | fba9dd0ebb8d838fa394cda10dca50450d8c0fc6158deff38904072140d64507 | Triage

Sharing

General

Target

oben32.dll
Size

354KB
Sample

211214-q5xl3afgf6
MD5

b873bfa8dec8c3a1f62c30903e59e849
SHA1

2c4aaefe0c20843db9b9f4996d42c7563b081097
SHA256

fba9dd0ebb8d838fa394cda10dca50450d8c0fc6158deff38904072140d64507
SHA512

a8c0a467788335297f34b9a60401b0ef50e023d0efc0b77eaf560decc785ed2c2b79534e14451aab747e307baa057fad0956e2941ff28b9995d4dbbd6e762457

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://api.musicbee.getlist.destinycraftpe.com:443/azure/v2/api

Attributes

user_agent
Content-Type: application/json accept: */* cookie: HSID=cl0gxhLgPAirQvdbj sec-ch-ua: Chromium;v=91 sec-ch-ua-mobile: ?0 sec-fetch-site: same-site sec-fetch-mode: cors sec-fetch-dest: empty accept-encoding: gzip, deflate accept-language: en X-Amz-Cf-Pop: HTL55-C2 User-Agent: MusicBee/3.4

Targets

- Target
  
  oben32.dll
- Size
  
  354KB
- MD5
  
  b873bfa8dec8c3a1f62c30903e59e849
- SHA1
  
  2c4aaefe0c20843db9b9f4996d42c7563b081097
- SHA256
  
  fba9dd0ebb8d838fa394cda10dca50450d8c0fc6158deff38904072140d64507
- SHA512
  
  a8c0a467788335297f34b9a60401b0ef50e023d0efc0b77eaf560decc785ed2c2b79534e14451aab747e307baa057fad0956e2941ff28b9995d4dbbd6e762457
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan