cobaltstrike | 405038bb905e5740fb8363dfdc8b03a7d40d7ea80715bb5697a65a0fbcd45119 | Triage

Sharing

General

Target

405038bb905e5740fb8363dfdc8b03a7d40d7ea80715bb5697a65a0fbcd45119
Size

1.3MB
Sample

221127-hj53bafg85
MD5

f721d46e0049e7604741f53f79fe39a3
SHA1

2bb22da15b74e26de1ffecb81583c403f1893257
SHA256

405038bb905e5740fb8363dfdc8b03a7d40d7ea80715bb5697a65a0fbcd45119
SHA512

89bcac2c72bddc50922381b0a92dcda4a1c2ee26dd8830393a983c19f804096792aa404ff786d5cc7928cae77c448c398c4606b6f869951f92e32931a933cfe3
SSDEEP

24576:R0FGMqzFkMiE4nAcQB2kWf65NShgDAzkxFPh3kEpS:e+Fk+MHn6/SKDIkxxh3

Score

10^/10

cobaltstrike metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  405038bb905e5740fb8363dfdc8b03a7d40d7ea80715bb5697a65a0fbcd45119
- Size
  
  1.3MB
- MD5
  
  f721d46e0049e7604741f53f79fe39a3
- SHA1
  
  2bb22da15b74e26de1ffecb81583c403f1893257
- SHA256
  
  405038bb905e5740fb8363dfdc8b03a7d40d7ea80715bb5697a65a0fbcd45119
- SHA512
  
  89bcac2c72bddc50922381b0a92dcda4a1c2ee26dd8830393a983c19f804096792aa404ff786d5cc7928cae77c448c398c4606b6f869951f92e32931a933cfe3
- SSDEEP
  
  24576:R0FGMqzFkMiE4nAcQB2kWf65NShgDAzkxFPh3kEpS:e+Fk+MHn6/SKDIkxxh3
Score

10^/10

cobaltstrike metasploit backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikemetasploitbackdoorpersistencetrojan

behavioral2

cobaltstrikemetasploitbackdoorpersistencetrojan