cobaltstrike | b0ab5067c2aa1902420fdb5d66245addbbd5cf016ade4465b078e821f78168c0 | Triage

Sharing

General

Target

b0ab5067c2aa1902420fdb5d66245addbbd5cf016ade4465b078e821f78168c0
Size

307KB
Sample

221129-djhvkadc9x
MD5

5ba1d5478ba50457034d693900a0b99f
SHA1

185048b7a6bb56b59a785829c529f84f4b4fbf2d
SHA256

b0ab5067c2aa1902420fdb5d66245addbbd5cf016ade4465b078e821f78168c0
SHA512

2bc4a75ffb7505e8628839df46b033f83b29a6eeafc922c961a2028b6a99e65632466ef04261c07ced3280bde9e487d9cc08df6e6ce08b4ab35fdf6d5e3f5b1b
SSDEEP

6144:2qzOT72Y0SYzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOiPECYeixlYGicZi:2Ca7SSLYsY1UMqMZJYSN7wbstOi8fvev

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b0ab5067c2aa1902420fdb5d66245addbbd5cf016ade4465b078e821f78168c0
- Size
  
  307KB
- MD5
  
  5ba1d5478ba50457034d693900a0b99f
- SHA1
  
  185048b7a6bb56b59a785829c529f84f4b4fbf2d
- SHA256
  
  b0ab5067c2aa1902420fdb5d66245addbbd5cf016ade4465b078e821f78168c0
- SHA512
  
  2bc4a75ffb7505e8628839df46b033f83b29a6eeafc922c961a2028b6a99e65632466ef04261c07ced3280bde9e487d9cc08df6e6ce08b4ab35fdf6d5e3f5b1b
- SSDEEP
  
  6144:2qzOT72Y0SYzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOiPECYeixlYGicZi:2Ca7SSLYsY1UMqMZJYSN7wbstOi8fvev
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan