Overview

overview

10

Static

static

16c7bda207...f7.exe

windows7_x64

10

16c7bda207...f7.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16c7bda207cb29e36c50337ced9239ff09c6089a84132e5ee1f2366a644dc9f7

  • Size

    56.8MB

  • Sample

    220107-l6e17acbb2

  • MD5

    bc6684c0ea7c60d44ae6ff4434810e09

  • SHA1

    cbdc8ae37e94d69261b1985e1d3f2183f6174e01

  • SHA256

    16c7bda207cb29e36c50337ced9239ff09c6089a84132e5ee1f2366a644dc9f7

  • SHA512

    17d2e6c593318ebb0aa867dd973a2004350cf0330be8c5a2807f90720adf4fc870a5504cb3035eb427e15847ffac4f6a2052bddb47bad55754f0150ee149600d

Score
10/10
cobaltstrikebackdoorevasiontrojan

Malware Config

Targets

    • Target

      16c7bda207cb29e36c50337ced9239ff09c6089a84132e5ee1f2366a644dc9f7

    • Size

      56.8MB

    • MD5

      bc6684c0ea7c60d44ae6ff4434810e09

    • SHA1

      cbdc8ae37e94d69261b1985e1d3f2183f6174e01

    • SHA256

      16c7bda207cb29e36c50337ced9239ff09c6089a84132e5ee1f2366a644dc9f7

    • SHA512

      17d2e6c593318ebb0aa867dd973a2004350cf0330be8c5a2807f90720adf4fc870a5504cb3035eb427e15847ffac4f6a2052bddb47bad55754f0150ee149600d

    Score
    10/10
    cobaltstrikebackdoorevasiontrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks