cobaltstrike | 386c8f77a22601e485d45d310278ba5e73bd27ea0e9d9298387e7e326e271b66 | Triage

Sharing

General

Target

386c8f77a22601e485d45d310278ba5e73bd27ea0e9d9298387e7e326e271b66
Size

479KB
Sample

221125-c98cgafd66
MD5

a3bada2dbbf2eafaf7a09c280341de26
SHA1

0d4a73112c519ac6d5b63e9eddd8d3bc045e7b18
SHA256

386c8f77a22601e485d45d310278ba5e73bd27ea0e9d9298387e7e326e271b66
SHA512

ceb0d0778497927d534e0ec8152165cd7e7e76c9ea53e7a3b7b763baa3003cef2e032a89a4989358ae8abda55a09c90d536254f9b179524b8ed472a6065118bd
SSDEEP

12288:MyBZUZO1TyPgqOy6AJmkBFEbGaz1Thf/:MyBZeONyoqd6AJFuz1

Score

10^/10

cobaltstrike backdoor bootkit persistence trojan

Malware Config

Targets

- Target
  
  386c8f77a22601e485d45d310278ba5e73bd27ea0e9d9298387e7e326e271b66
- Size
  
  479KB
- MD5
  
  a3bada2dbbf2eafaf7a09c280341de26
- SHA1
  
  0d4a73112c519ac6d5b63e9eddd8d3bc045e7b18
- SHA256
  
  386c8f77a22601e485d45d310278ba5e73bd27ea0e9d9298387e7e326e271b66
- SHA512
  
  ceb0d0778497927d534e0ec8152165cd7e7e76c9ea53e7a3b7b763baa3003cef2e032a89a4989358ae8abda55a09c90d536254f9b179524b8ed472a6065118bd
- SSDEEP
  
  12288:MyBZUZO1TyPgqOy6AJmkBFEbGaz1Thf/:MyBZeONyoqd6AJFuz1
Score

10^/10

cobaltstrike backdoor bootkit persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorbootkitpersistencetrojan

behavioral2

cobaltstrikebackdoorbootkitpersistencetrojan