cobaltstrike | 6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953 | Triage

Submit
Reports

Overview

overview

Static

static

8

6277ca11e8...53.exe

windows7-x64

8

6277ca11e8...53.exe

windows10-2004-x64

Sharing

General

Target

6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
Size

1.5MB
Sample

220725-lxbbmscafq
MD5

951ab6e8be35c4812bd1374b9e45933c
SHA1

9d4b39a0404c959e07accda8c8c3c5fb9dd1b0ae
SHA256

6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
SHA512

b0fe39f690a4433bc4b6ed37096ff133a421441e721b81b59d9966455654ba503301320b7f9a34edaf191de408082aa3d54ab5e2d79f7708f14065e0c0fa51df

Score

10^/10

cobaltstrike 0 backdoor suricata trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953.exe

Resource

win7-20220718-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953.exe

Resource

win10v2004-20220721-en

cobaltstrike 0 backdoor suricata trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://service-k6z1uk8b-1307545782.sh.apigw.tencentcs.com:443/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
- Size
  
  1.5MB
- MD5
  
  951ab6e8be35c4812bd1374b9e45933c
- SHA1
  
  9d4b39a0404c959e07accda8c8c3c5fb9dd1b0ae
- SHA256
  
  6277ca11e8fa7d6cd07ae3dac8c76afadfc16ea4ad23546018dcdf3904ce4953
- SHA512
  
  b0fe39f690a4433bc4b6ed37096ff133a421441e721b81b59d9966455654ba503301320b7f9a34edaf191de408082aa3d54ab5e2d79f7708f14065e0c0fa51df
Score

10^/10

upx cobaltstrike 0 backdoor suricata trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
  suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrike0backdoorsuricatatrojanupx

© 2018-2024

Terms | Privacy