cobaltstrike | fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f | Triage

Sharing

General

Target

fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
Size

904KB
Sample

221031-ng3r3aagf2
MD5

4bfad4cb9222e22214d002be79a0df7e
SHA1

44533522afbaf6b66a354e8b9f846117760e1320
SHA256

fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
SHA512

725d8333c266a587cb2be983bc8c7957232049f76668c9e937a97952f09ec8b76f069ffabc6ca423b94e7760d4726ae4fa33f4ed1c3a15bd243a6f1614dfa90f
SSDEEP

24576:dGHCm8uPdJddrD7pIZ2GRaRkhiZ8fAivsP5+l8w:kuWzKZ2GRrKIkPw

Score

10^/10

cobaltstrike joker 0 backdoor infostealer trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.220.0.89:7777/l5Si

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
- Size
  
  904KB
- MD5
  
  4bfad4cb9222e22214d002be79a0df7e
- SHA1
  
  44533522afbaf6b66a354e8b9f846117760e1320
- SHA256
  
  fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
- SHA512
  
  725d8333c266a587cb2be983bc8c7957232049f76668c9e937a97952f09ec8b76f069ffabc6ca423b94e7760d4726ae4fa33f4ed1c3a15bd243a6f1614dfa90f
- SSDEEP
  
  24576:dGHCm8uPdJddrD7pIZ2GRaRkhiZ8fAivsP5+l8w:kuWzKZ2GRrKIkPw
Score

10^/10

cobaltstrike joker 0 backdoor infostealer trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikejoker0backdoorinfostealertrojan

behavioral2

cobaltstrikejoker0backdoorinfostealertrojan