cobaltstrike | b2525e8d48a1cb4358ed8a0e8de33f4f4d539a21659183edf5590c3672c11ffa | Triage

Sharing

General

Target

b2525e8d48a1cb4358ed8a0e8de33f4f4d539a21659183edf5590c3672c11ffa
Size

115KB
Sample

221129-17c1jsfh9s
MD5

cd1dc6c7851f6c43b87c427848c9bef9
SHA1

4e70004a0753c1f6ce23e1f0e4f565843574d3da
SHA256

b2525e8d48a1cb4358ed8a0e8de33f4f4d539a21659183edf5590c3672c11ffa
SHA512

1bec38722b2fafeb83f04173b5f26e9fc61eb975c70ac8bf73ad367662957613d0bb99afd3c890974f5954f5bd56548877f533c35a2cd400192cfb1f9210ceb5
SSDEEP

1536:+++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6h:+++VMoTxyi9e7O1IXLoSWRqX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b2525e8d48a1cb4358ed8a0e8de33f4f4d539a21659183edf5590c3672c11ffa
- Size
  
  115KB
- MD5
  
  cd1dc6c7851f6c43b87c427848c9bef9
- SHA1
  
  4e70004a0753c1f6ce23e1f0e4f565843574d3da
- SHA256
  
  b2525e8d48a1cb4358ed8a0e8de33f4f4d539a21659183edf5590c3672c11ffa
- SHA512
  
  1bec38722b2fafeb83f04173b5f26e9fc61eb975c70ac8bf73ad367662957613d0bb99afd3c890974f5954f5bd56548877f533c35a2cd400192cfb1f9210ceb5
- SSDEEP
  
  1536:+++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6h:+++VMoTxyi9e7O1IXLoSWRqX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan