cobaltstrike | cd1c9d25523532f142c9f9b84f26fbb5abb8459c7eee99cf13b3e7f827c9d1a3 | Triage

Sharing

General

Target

Skype.Profiling.dll
Size

275KB
Sample

220120-jlzhzsggh2
MD5

d6e290500e5fcae7e7d67fc45abaa9cd
SHA1

f8b11c77c54b6d0d7017d834bd0708316f577d08
SHA256

cd1c9d25523532f142c9f9b84f26fbb5abb8459c7eee99cf13b3e7f827c9d1a3
SHA512

fc3c37c75bc91545154cced245df33f1e61b7e8467ee187de932d7b05ae9476e507335320e129f60b06f45fb244a561c1d51bfe6b9e61a3f908cf582b3b25982

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  Skype.Profiling.dll
- Size
  
  275KB
- MD5
  
  d6e290500e5fcae7e7d67fc45abaa9cd
- SHA1
  
  f8b11c77c54b6d0d7017d834bd0708316f577d08
- SHA256
  
  cd1c9d25523532f142c9f9b84f26fbb5abb8459c7eee99cf13b3e7f827c9d1a3
- SHA512
  
  fc3c37c75bc91545154cced245df33f1e61b7e8467ee187de932d7b05ae9476e507335320e129f60b06f45fb244a561c1d51bfe6b9e61a3f908cf582b3b25982
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoorpersistencetrojan