Overview

overview

10

Static

static

c47bc2c15f...72.exe

windows7_x64

10

c47bc2c15f...72.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c47bc2c15f08655d158bb8c9d5254c804c9b6faded526be6879fa94ea4a64f72

  • Size

    495KB

  • Sample

    220128-tccb7sgdf9

  • MD5

    4f3b1a2088e473c7d2373849deb4536f

  • SHA1

    bed2fe1eb344a88c974def3d5afbb164501c2e9e

  • SHA256

    c47bc2c15f08655d158bb8c9d5254c804c9b6faded526be6879fa94ea4a64f72

  • SHA512

    c187eaecb3414f7434aaee88fdec25f52a629dca7997c2918ff84938f9aaa22ee14fd33c2a0ebc54d310f83d033731ef5ae8c57477dd0d05d702fc710c1f35fc

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Targets

    • Target

      c47bc2c15f08655d158bb8c9d5254c804c9b6faded526be6879fa94ea4a64f72

    • Size

      495KB

    • MD5

      4f3b1a2088e473c7d2373849deb4536f

    • SHA1

      bed2fe1eb344a88c974def3d5afbb164501c2e9e

    • SHA256

      c47bc2c15f08655d158bb8c9d5254c804c9b6faded526be6879fa94ea4a64f72

    • SHA512

      c187eaecb3414f7434aaee88fdec25f52a629dca7997c2918ff84938f9aaa22ee14fd33c2a0ebc54d310f83d033731ef5ae8c57477dd0d05d702fc710c1f35fc

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks