cobaltstrike | b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65 | Triage

Sharing

General

Target

gwui.dll
Size

211KB
Sample

220208-11v8jsffhq
MD5

ac581207ef80437a961f2ada3a47d763
SHA1

62964395bbc5fbee65dac62e0233ce8377674b2c
SHA256

b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
SHA512

e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://foxofeli.com:443/image-directory/dhl.jpg

Attributes

user_agent
Host: weibo.com Connection: close Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Targets

- Target
  
  gwui.dll
- Size
  
  211KB
- MD5
  
  ac581207ef80437a961f2ada3a47d763
- SHA1
  
  62964395bbc5fbee65dac62e0233ce8377674b2c
- SHA256
  
  b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
- SHA512
  
  e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan