cobaltstrike | 4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749 | Triage

Submit
Reports

Overview

overview

Static

static

4c243352c6...49.exe

windows7-x64

3

4c243352c6...49.exe

windows10-2004-x64

Sharing

General

Target

4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749
Size

397KB
Sample

220903-egg1xshacq
MD5

7701063077c407e10c91a0ddebe2662c
SHA1

36c3ef7641608ca69a579a09415668eec6cb53b9
SHA256

4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749
SHA512

75da365064a9b6d6f16ef107eb36fe5ec141becf5116292d870b9e06fa02e9d761e181b1c51356af8014ed41d98319a537cca988525fa0b0b064be7013d4804f
SSDEEP

12288:YdkMw+nDy3JThDm3ONiefI0IyLi1LZhChn:Y6LPgIinm

Score

10^/10

cobaltstrike hawkeye backdoor keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749.exe

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749.exe

Resource

win10v2004-20220812-en

cobaltstrike hawkeye backdoor keylogger spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749
- Size
  
  397KB
- MD5
  
  7701063077c407e10c91a0ddebe2662c
- SHA1
  
  36c3ef7641608ca69a579a09415668eec6cb53b9
- SHA256
  
  4c243352c6ff56af7a239284c0548c8eb5b29ed607ae27ccd96fc88aae826749
- SHA512
  
  75da365064a9b6d6f16ef107eb36fe5ec141becf5116292d870b9e06fa02e9d761e181b1c51356af8014ed41d98319a537cca988525fa0b0b064be7013d4804f
- SSDEEP
  
  12288:YdkMw+nDy3JThDm3ONiefI0IyLi1LZhChn:Y6LPgIinm
Score

10^/10

cobaltstrike hawkeye backdoor keylogger spyware stealer trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikehawkeyebackdoorkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy