cobaltstrike | a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3 | Triage

Sharing

General

Target

a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3
Size

307KB
Sample

221129-eghbpagb2t
MD5

e38ad6ff85b84bcbe2985145adcd588d
SHA1

834d822a79e7403fed613506c73f8537760ab6d5
SHA256

a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3
SHA512

57bf6d672f2bbdb334b9102b5203c847f7f0be823d7c7c711f37100e1b0d0219baca028afec1a429aa7e01fa3de9feb593befd41e08a5fa54ef18d76320a45a9
SSDEEP

6144:mTfzqT72Y0SEuzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOHPECYeixlYGicc:mTre7SSE5YsY1UMqMZJYSN7wbstOH8f+

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3
- Size
  
  307KB
- MD5
  
  e38ad6ff85b84bcbe2985145adcd588d
- SHA1
  
  834d822a79e7403fed613506c73f8537760ab6d5
- SHA256
  
  a62fa1e40096a202f5b2c0413d9039001269a00f6f66b81ccfaec7926667bda3
- SHA512
  
  57bf6d672f2bbdb334b9102b5203c847f7f0be823d7c7c711f37100e1b0d0219baca028afec1a429aa7e01fa3de9feb593befd41e08a5fa54ef18d76320a45a9
- SSDEEP
  
  6144:mTfzqT72Y0SEuzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOHPECYeixlYGicc:mTre7SSE5YsY1UMqMZJYSN7wbstOH8f+
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan