cobaltstrike | 20a4b1ce3da8e5c6a68f2a62f8f3aaabf4dd578cae1326c309958ea220932de0 | Triage

Sharing

General

Target

20a4b1ce3da8e5c6a68f2a62f8f3aaabf4dd578cae1326c309958ea220932de0
Size

120KB
Sample

221029-bard8sehcj
MD5

0295f705f795ee84a2697e4cc778f042
SHA1

f1ac9177a0a2f5fa1bae6f26141eeccf7e606e8d
SHA256

20a4b1ce3da8e5c6a68f2a62f8f3aaabf4dd578cae1326c309958ea220932de0
SHA512

2682fccf871fe03fd5fbe47c48cec1325b317bca37d3010335c36031c70a81170bdb9ca90b81f3e8f4cf68a27e95d7101e05b94e027e6ce04158e77785391d26
SSDEEP

1536:2X2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:0v5hm7VmBP7PtReQJUhMLgEE5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  20a4b1ce3da8e5c6a68f2a62f8f3aaabf4dd578cae1326c309958ea220932de0
- Size
  
  120KB
- MD5
  
  0295f705f795ee84a2697e4cc778f042
- SHA1
  
  f1ac9177a0a2f5fa1bae6f26141eeccf7e606e8d
- SHA256
  
  20a4b1ce3da8e5c6a68f2a62f8f3aaabf4dd578cae1326c309958ea220932de0
- SHA512
  
  2682fccf871fe03fd5fbe47c48cec1325b317bca37d3010335c36031c70a81170bdb9ca90b81f3e8f4cf68a27e95d7101e05b94e027e6ce04158e77785391d26
- SSDEEP
  
  1536:2X2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:0v5hm7VmBP7PtReQJUhMLgEE5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan