cobaltstrike | ac3317233ee294a33fb5b929be0a936e34b68b1db253fdce3a71ba2d478054ea | Triage

Sharing

General

Target

ac3317233ee294a33fb5b929be0a936e34b68b1db253fdce3a71ba2d478054ea
Size

307KB
Sample

221129-dysy3sba88
MD5

b825ae08c4b00a90c4eccaddcbdf89df
SHA1

c11c62a37e168bbc06f5d50594ce966f402ba69a
SHA256

ac3317233ee294a33fb5b929be0a936e34b68b1db253fdce3a71ba2d478054ea
SHA512

dca163b8453959baaa3a0982b08aed33a9831eeb9c9e603f87e08cb93e608a5721ba52141d30f1edac0b410cddf93c578bc88e45e7e1edf45b9ca5a29b415733
SSDEEP

6144:HkSz7T72Y0SyzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOlmPECYeixlYGicH:Hkqv7SS9YsY1UMqMZJYSN7wbstO48fvV

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  ac3317233ee294a33fb5b929be0a936e34b68b1db253fdce3a71ba2d478054ea
- Size
  
  307KB
- MD5
  
  b825ae08c4b00a90c4eccaddcbdf89df
- SHA1
  
  c11c62a37e168bbc06f5d50594ce966f402ba69a
- SHA256
  
  ac3317233ee294a33fb5b929be0a936e34b68b1db253fdce3a71ba2d478054ea
- SHA512
  
  dca163b8453959baaa3a0982b08aed33a9831eeb9c9e603f87e08cb93e608a5721ba52141d30f1edac0b410cddf93c578bc88e45e7e1edf45b9ca5a29b415733
- SSDEEP
  
  6144:HkSz7T72Y0SyzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOlmPECYeixlYGicH:Hkqv7SS9YsY1UMqMZJYSN7wbstO48fvV
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan