cobaltstrike | 5ce6b3c1198cffce13064a60f9e2a9ff391d50462934312fb81b721be0633e09 | Triage

Sharing

General

Target

5ce6b3c1198cffce13064a60f9e2a9ff391d50462934312fb81b721be0633e09
Size

115KB
Sample

221129-17et5scf94
MD5

b63c8475e11d103700fbe99c039631c4
SHA1

29fe04808da5222c07bcf3b0a942ae0cfff20ce7
SHA256

5ce6b3c1198cffce13064a60f9e2a9ff391d50462934312fb81b721be0633e09
SHA512

d6ca54a09efbe3a0b1e189e58ddb31cd1b1ca40cc59d40c49d2839d0f013a761799fc67d9107c9521b0e2c65dbb73dd1868241576a17b69d05cbe78f8db11cf4
SSDEEP

1536:1++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6:1++VMoTxyi9e7O1IXLoSWRq

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  5ce6b3c1198cffce13064a60f9e2a9ff391d50462934312fb81b721be0633e09
- Size
  
  115KB
- MD5
  
  b63c8475e11d103700fbe99c039631c4
- SHA1
  
  29fe04808da5222c07bcf3b0a942ae0cfff20ce7
- SHA256
  
  5ce6b3c1198cffce13064a60f9e2a9ff391d50462934312fb81b721be0633e09
- SHA512
  
  d6ca54a09efbe3a0b1e189e58ddb31cd1b1ca40cc59d40c49d2839d0f013a761799fc67d9107c9521b0e2c65dbb73dd1868241576a17b69d05cbe78f8db11cf4
- SSDEEP
  
  1536:1++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6:1++VMoTxyi9e7O1IXLoSWRq
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan