cobaltstrike | 12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3 | Triage

Submit
Reports

Overview

overview

Static

static

12baff892d...b3.exe

windows7-x64

12baff892d...b3.exe

windows10-2004-x64

Sharing

General

Target

12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3
Size

312KB
Sample

221126-apv6ashd46
MD5

6f123e6d33cc280d6138bdf61490bd9d
SHA1

230459646d4c8985409879520eb88eaf698a5689
SHA256

12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3
SHA512

cfbe9e7ff481b820f9fcf2694b1f5d2aceab9c6a01072bd13fd2bdf1f471e2b9bd4eaafb2566b0d795ce62ed1e7245e045640a7df1435fe1a86bc000ef9c64e7
SSDEEP

6144:0yAaQ1BdglcE19mMOJ64SszizGMWS9QcCeLZrdIC0wPysIeN20fu59Bdvka:0yAR1Boc2mMOJYszizPxVCIPpysIG20C

Score

10^/10

cobaltstrike backdoor bootkit persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3.exe

Resource

win7-20220812-en

cobaltstrike backdoor bootkit persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3.exe

Resource

win10v2004-20221111-en

cobaltstrike backdoor trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3
- Size
  
  312KB
- MD5
  
  6f123e6d33cc280d6138bdf61490bd9d
- SHA1
  
  230459646d4c8985409879520eb88eaf698a5689
- SHA256
  
  12baff892dc37e78e427790d4a41ab84df33309db3b54f2b9f75bb31644c30b3
- SHA512
  
  cfbe9e7ff481b820f9fcf2694b1f5d2aceab9c6a01072bd13fd2bdf1f471e2b9bd4eaafb2566b0d795ce62ed1e7245e045640a7df1435fe1a86bc000ef9c64e7
- SSDEEP
  
  6144:0yAaQ1BdglcE19mMOJ64SszizGMWS9QcCeLZrdIC0wPysIeN20fu59Bdvka:0yAR1Boc2mMOJYszizPxVCIPpysIG20C
Score

10^/10

cobaltstrike backdoor bootkit persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Deletes itself
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorbootkitpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy