cobaltstrike | f23fa03aac41be96640689bba751625ab8386707eff75ced9d997e66500beb8b | Triage

Submit
Reports

Overview

overview

Static

static

e865c4f13e...47.exe

windows7_x64

e865c4f13e...47.exe

windows10-2004_x64

Sharing

General

Target

e865c4f13e3b5c2f278ec51b17825647.exe
Size

12.9MB
Sample

220525-n5aq7aacd3
MD5

e865c4f13e3b5c2f278ec51b17825647
SHA1

365d89cf1118f4f6338eb82c4d124a313528c77e
SHA256

f23fa03aac41be96640689bba751625ab8386707eff75ced9d997e66500beb8b
SHA512

2915a4381dc8bf9f31b493bcb31ccd2b286aad9ff0426f23e873ebe500f61a0b7aa9b945b994d4ec30efe4c52a5e5b042b706c12b383de5993d1dee57613f640

Score

10^/10

cobaltstrike 0 backdoor pyinstaller suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

e865c4f13e3b5c2f278ec51b17825647.exe

Resource

win7-20220414-en

cobaltstrike 0 backdoor pyinstaller suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e865c4f13e3b5c2f278ec51b17825647.exe

Resource

win10v2004-20220414-en

cobaltstrike 0 backdoor pyinstaller suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  e865c4f13e3b5c2f278ec51b17825647.exe
- Size
  
  12.9MB
- MD5
  
  e865c4f13e3b5c2f278ec51b17825647
- SHA1
  
  365d89cf1118f4f6338eb82c4d124a313528c77e
- SHA256
  
  f23fa03aac41be96640689bba751625ab8386707eff75ced9d997e66500beb8b
- SHA512
  
  2915a4381dc8bf9f31b493bcb31ccd2b286aad9ff0426f23e873ebe500f61a0b7aa9b945b994d4ec30efe4c52a5e5b042b706c12b383de5993d1dee57613f640
Score

10^/10

cobaltstrike 0 backdoor pyinstaller suricata trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
  suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrike0backdoorpyinstallersuricatatrojan

behavioral2

cobaltstrike0backdoorpyinstallersuricatatrojan

© 2018-2024

Terms | Privacy