cobaltstrike | 644f0a88f1a5453ef1d23bd3dc4c30cc4495749846ca56d8f37c1ff4e852df8d | Triage

Sharing

General

Target

644f0a88f1a5453ef1d23bd3dc4c30cc4495749846ca56d8f37c1ff4e852df8d
Size

1.2MB
Sample

221128-d5r1csfh8t
MD5

4daf5cf751680712f85806ff6116b295
SHA1

c776d41aaa20eed0493a0330a58a1399c0245913
SHA256

644f0a88f1a5453ef1d23bd3dc4c30cc4495749846ca56d8f37c1ff4e852df8d
SHA512

e5ca4867938d4b6b50df8acfd1a3a10f90b76c3c6df411161715b35a92a21cb8be5eb78935e4eb25003679ed278e8db6b217afb54e4dd03767f0f8912edae730
SSDEEP

6144:+YLTfG6i9JehNAQ9Nd5hY2WFhel8GNle4PjgG+Yqo:+YPOtTe0yJ5aKHNlh7gGn

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  644f0a88f1a5453ef1d23bd3dc4c30cc4495749846ca56d8f37c1ff4e852df8d
- Size
  
  1.2MB
- MD5
  
  4daf5cf751680712f85806ff6116b295
- SHA1
  
  c776d41aaa20eed0493a0330a58a1399c0245913
- SHA256
  
  644f0a88f1a5453ef1d23bd3dc4c30cc4495749846ca56d8f37c1ff4e852df8d
- SHA512
  
  e5ca4867938d4b6b50df8acfd1a3a10f90b76c3c6df411161715b35a92a21cb8be5eb78935e4eb25003679ed278e8db6b217afb54e4dd03767f0f8912edae730
- SSDEEP
  
  6144:+YLTfG6i9JehNAQ9Nd5hY2WFhel8GNle4PjgG+Yqo:+YPOtTe0yJ5aKHNlh7gGn
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan