cobaltstrike | 0305a1778c3ee83229cc2791f46300b3af5faa15bb7f6507ef26f465bb90d69d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0305a1778c3ee83229cc2791f46300b3af5faa15bb7f6507ef26f465bb90d69d
Size

120KB
Sample

221029-bfs51seeg3
MD5

0b5ddcbe69a014c113ef8d1332dab271
SHA1

485b123cd579946ba232f843f9b47a5d09365e41
SHA256

0305a1778c3ee83229cc2791f46300b3af5faa15bb7f6507ef26f465bb90d69d
SHA512

6992cc3238074853f12f7c7dddaa557ac494d99b9a54d8f048190beaf0adadf020f8e112382d0d74dc7fc27f30a1f49a00c6144ed6cabfa65895935f3056bdd7
SSDEEP

1536:FX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6Wc5RXQ:lv5hm7VmBP7PtReQJUhMLgEc5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  0305a1778c3ee83229cc2791f46300b3af5faa15bb7f6507ef26f465bb90d69d
- Size
  
  120KB
- MD5
  
  0b5ddcbe69a014c113ef8d1332dab271
- SHA1
  
  485b123cd579946ba232f843f9b47a5d09365e41
- SHA256
  
  0305a1778c3ee83229cc2791f46300b3af5faa15bb7f6507ef26f465bb90d69d
- SHA512
  
  6992cc3238074853f12f7c7dddaa557ac494d99b9a54d8f048190beaf0adadf020f8e112382d0d74dc7fc27f30a1f49a00c6144ed6cabfa65895935f3056bdd7
- SSDEEP
  
  1536:FX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6Wc5RXQ:lv5hm7VmBP7PtReQJUhMLgEc5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan