cobaltstrike | 3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3 | Triage

Submit
Reports

Overview

overview

Static

static

3b664ef693...b3.exe

windows7_x64

3b664ef693...b3.exe

windows10-2004_x64

Sharing

General

Target

3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3
Size

3.5MB
Sample

220703-t3gplsagh2
MD5

5868d5f4553d09e0cec3ac99e5627a02
SHA1

8d770dc0933e355b02aace86e7231b4bf437af1a
SHA256

3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3
SHA512

92769d31ef11c83c0e87307dca29d38a41a521dfb89e3ef521c7c34c78fc14b718a787417fee463bb68a10f249af5fb043a7596cb451e26d3b9b6ae81a4cfbe5

Score

10^/10

cobaltstrike metasploit adware backdoor discovery stealer trojan

Static task

static1

metasploit cobaltstrike

Behavioral task

behavioral1

Sample

3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3.exe

Resource

win7-20220414-en

cobaltstrike metasploit backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3.exe

Resource

win10v2004-20220414-en

cobaltstrike metasploit adware backdoor discovery stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3
- Size
  
  3.5MB
- MD5
  
  5868d5f4553d09e0cec3ac99e5627a02
- SHA1
  
  8d770dc0933e355b02aace86e7231b4bf437af1a
- SHA256
  
  3b664ef693e3a2ba0d802e3533665deeb5b6564b60b9df77ddf7b5238c5433b3
- SHA512
  
  92769d31ef11c83c0e87307dca29d38a41a521dfb89e3ef521c7c34c78fc14b718a787417fee463bb68a10f249af5fb043a7596cb451e26d3b9b6ae81a4cfbe5
Score

10^/10

cobaltstrike metasploit backdoor trojan adware discovery stealer
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

metasploitcobaltstrike

behavioral1

cobaltstrikemetasploitbackdoortrojan

behavioral2

cobaltstrikemetasploitadwarebackdoordiscoverystealertrojan

© 2018-2024

Terms | Privacy