cobaltstrike | 4d4336297caa2c81160fe1b7b45383b1a9681f63ca3696a867c9a82242dfa115 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d4336297caa2c81160fe1b7b45383b1a9681f63ca3696a867c9a82242dfa115
Size

224KB
Sample

221003-n7sd1sefe9
MD5

6a2f9874a885cace73f83aa09a3feb4f
SHA1

78b0ce91cfb6b74c44baf7bf088dba98b056c444
SHA256

4d4336297caa2c81160fe1b7b45383b1a9681f63ca3696a867c9a82242dfa115
SHA512

16d8a92a813edc7fc76c5b8098fa7657c9d35d333f4c60dca95fcacaf827f060b0033bc115aba475c81e80caaa7e885769d3db742ea090c65a865877aa1634d2
SSDEEP

3072:6C/gLTTkRy7LfS2glhRXJehyBJUEoJA+1exXsoS2glhRXJehyBJUEoJA:1YLT1Pi9JehNACexXsoi9JehNA

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  4d4336297caa2c81160fe1b7b45383b1a9681f63ca3696a867c9a82242dfa115
- Size
  
  224KB
- MD5
  
  6a2f9874a885cace73f83aa09a3feb4f
- SHA1
  
  78b0ce91cfb6b74c44baf7bf088dba98b056c444
- SHA256
  
  4d4336297caa2c81160fe1b7b45383b1a9681f63ca3696a867c9a82242dfa115
- SHA512
  
  16d8a92a813edc7fc76c5b8098fa7657c9d35d333f4c60dca95fcacaf827f060b0033bc115aba475c81e80caaa7e885769d3db742ea090c65a865877aa1634d2
- SSDEEP
  
  3072:6C/gLTTkRy7LfS2glhRXJehyBJUEoJA+1exXsoS2glhRXJehyBJUEoJA:1YLT1Pi9JehNACexXsoi9JehNA
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan