cobaltstrike | 605983f0b5761ec3bd423f21f45e344536b1ba6c01a9360a0e3cdd82a0f308fb | Triage

Sharing

General

Target

6502350844493824.zip
Size

79KB
Sample

220109-tznnradeh6
MD5

51ac3f097b50e9e8861b43f9d5a5c8e2
SHA1

c5d0406724ef456e42f1a2482883ed75c30e887c
SHA256

605983f0b5761ec3bd423f21f45e344536b1ba6c01a9360a0e3cdd82a0f308fb
SHA512

c31058f1dbcc8f6b86abbb275c92e344d227cd0eaacabadb5397162b2c9d9a5c85bf1e5a35f3885221998711f48f7d7ccf75fc5b47af2f8491a5cf9674feecd2

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  00472b5baa597592dd522408cc6cec01eaec526ef8d0b709a9a9e2c09f7a97c2
- Size
  
  115KB
- MD5
  
  a5bd0778a3baac35f9c40b06951b92be
- SHA1
  
  442182ec444bad81041875380b2968041b4d3096
- SHA256
  
  00472b5baa597592dd522408cc6cec01eaec526ef8d0b709a9a9e2c09f7a97c2
- SHA512
  
  10e204c9b8439fc70f55206b5ed1a37708459535fe7b05a32d68dd215a65e20af17a96611665b583be0dc96ffc9e9cb44fc240f76a65fb8e30ea2226dfaf7b1c
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan