cobaltstrike | db551176352b67d6f81442e60a9145c3a5b195ea181d6f45234c5e229d5c6b3c | Triage

Sharing

General

Target

db551176352b67d6f81442e60a9145c3a5b195ea181d6f45234c5e229d5c6b3c
Size

115KB
Sample

221127-v334aaac7y
MD5

bb0798cfc9e1ef1ecf293d9cb25b0402
SHA1

b16d3e6f9a68d5206a3cc637659617e08f2337c2
SHA256

db551176352b67d6f81442e60a9145c3a5b195ea181d6f45234c5e229d5c6b3c
SHA512

facdc978589ad2873cbab1b494fe0425aa83a67cc69deb3519bac8c28e262a0695d3c5d372996fe9c078c553047e3aff3eb0d05632df22d5f7f89c607d4d1949
SSDEEP

1536:+++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6Z:+++VMoTxyi9e7O1IXLoSWRqz

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  db551176352b67d6f81442e60a9145c3a5b195ea181d6f45234c5e229d5c6b3c
- Size
  
  115KB
- MD5
  
  bb0798cfc9e1ef1ecf293d9cb25b0402
- SHA1
  
  b16d3e6f9a68d5206a3cc637659617e08f2337c2
- SHA256
  
  db551176352b67d6f81442e60a9145c3a5b195ea181d6f45234c5e229d5c6b3c
- SHA512
  
  facdc978589ad2873cbab1b494fe0425aa83a67cc69deb3519bac8c28e262a0695d3c5d372996fe9c078c553047e3aff3eb0d05632df22d5f7f89c607d4d1949
- SSDEEP
  
  1536:+++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6Z:+++VMoTxyi9e7O1IXLoSWRqz
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan