cobaltstrike | e05aa504f10cfc2051a80cab8010be1061093bde3fc0f18825338cd08c3972ea | Triage

Sharing

General

Target

e05aa504f10cfc2051a80cab8010be1061093bde3fc0f18825338cd08c3972ea
Size

308KB
Sample

221128-tte5escb8y
MD5

836d0ad050dfd1c041f571fca3668bc5
SHA1

6c8792c582d975a46ae81e45fd713cd750584a3a
SHA256

e05aa504f10cfc2051a80cab8010be1061093bde3fc0f18825338cd08c3972ea
SHA512

38ba016eb7471a6f9fd87d8434a718955375af50795c438d0d68f947209aefae100b44fc8fff8c40cd1c6f2f29bbfeed8d57a6891dd30b1823fe53ae9cfc8b4b
SSDEEP

6144:XKZByVyBAl40pPSMHLdL1hALe+2NirdrQdZowUKD03x:6fAyE4wSMdoLT2NKcqwM

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  e05aa504f10cfc2051a80cab8010be1061093bde3fc0f18825338cd08c3972ea
- Size
  
  308KB
- MD5
  
  836d0ad050dfd1c041f571fca3668bc5
- SHA1
  
  6c8792c582d975a46ae81e45fd713cd750584a3a
- SHA256
  
  e05aa504f10cfc2051a80cab8010be1061093bde3fc0f18825338cd08c3972ea
- SHA512
  
  38ba016eb7471a6f9fd87d8434a718955375af50795c438d0d68f947209aefae100b44fc8fff8c40cd1c6f2f29bbfeed8d57a6891dd30b1823fe53ae9cfc8b4b
- SSDEEP
  
  6144:XKZByVyBAl40pPSMHLdL1hALe+2NirdrQdZowUKD03x:6fAyE4wSMdoLT2NKcqwM
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2