Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

gwui.dll
Size

211KB
Sample

220208-11v8jsffhq
MD5

ac581207ef80437a961f2ada3a47d763
SHA1

62964395bbc5fbee65dac62e0233ce8377674b2c
SHA256

b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
SHA512

e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://foxofeli.com:443/image-directory/dhl.jpg

Attributes

user_agent
Host: weibo.com Connection: close Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Targets

- Target
  
  gwui.dll
- Size
  
  211KB
- MD5
  
  ac581207ef80437a961f2ada3a47d763
- SHA1
  
  62964395bbc5fbee65dac62e0233ce8377674b2c
- SHA256
  
  b6262f4aa06d0bf045d95e3fcbc142f1d1d98f053da5714e3570482f0cf93b65
- SHA512
  
  e0e079b3271cf71b582c6d1ea9326860f7c7467051c7aaacab7f19115390655341200fdba1e0b01e2b6225e8ed2efb0a1cdc55bd7fccb120060d89cb0d493bc2
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan