cobaltstrike | 21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20 | Triage

Submit
Reports

Overview

overview

Static

static

21286ed0b3...20.lnk

windows7_x64

21286ed0b3...20.lnk

windows10-2004_x64

Sharing

General

Target

21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
Size

1KB
Sample

220701-kqe6kscaak
MD5

e3f89049dc5f0065ee4d780f8aef9c04
SHA1

ba5fcbdbd5b71bfc52b8a824bd40c547a7223260
SHA256

21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
SHA512

a4f8e14e9caa4c32bb5dcd97d3ac4a050ba63172429172de78c145f05e12c4982fcbb4200cf179da254f70dcf3a0587e5898a0df0bb47beec6a1fc1c44b8a5d9

Score

10^/10

cobaltstrike backdoor suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20.lnk

Resource

win7-20220414-en

cobaltstrike backdoor suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20.lnk

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://120.48.85.228:80/favicon

Targets

- Target
  
  21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
- Size
  
  1KB
- MD5
  
  e3f89049dc5f0065ee4d780f8aef9c04
- SHA1
  
  ba5fcbdbd5b71bfc52b8a824bd40c547a7223260
- SHA256
  
  21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20
- SHA512
  
  a4f8e14e9caa4c32bb5dcd97d3ac4a050ba63172429172de78c145f05e12c4982fcbb4200cf179da254f70dcf3a0587e5898a0df0bb47beec6a1fc1c44b8a5d9
Score

10^/10

cobaltstrike backdoor suricata trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- suricata: ET MALWARE Cobalt Strike Beacon Observed
  suricata: ET MALWARE Cobalt Strike Beacon Observed
  suricata
- suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
  suricata: ET MALWARE Meterpreter or Other Reverse Shell SSL Cert
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorsuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy