cobaltstrike | 983539fea8819a081e8c5d8367584f75ae2fa29d876df61b571c14407db8c23c | Triage

Sharing

General

Target

983539fea8819a081e8c5d8367584f75ae2fa29d876df61b571c14407db8c23c
Size

307KB
Sample

221129-fgj1ysba6t
MD5

f67a8d6bed6d63fa667bfe6a04e29074
SHA1

124f21cffb07ff1f3972eaf44eb19c13f338f513
SHA256

983539fea8819a081e8c5d8367584f75ae2fa29d876df61b571c14407db8c23c
SHA512

c0d50f486c62598008ee82c847312fbe673eb7e748ba9a61f3f0c78ad8e6571e6e6834a8ca1dd9d018787055eecb224fa379f4211c99bdba5e7dfb0573909a9a
SSDEEP

6144:mTfzzT72Y0StzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOtPECYeixlYGicC:mTr37SSEYsY1UMqMZJYSN7wbstOt8fvs

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  983539fea8819a081e8c5d8367584f75ae2fa29d876df61b571c14407db8c23c
- Size
  
  307KB
- MD5
  
  f67a8d6bed6d63fa667bfe6a04e29074
- SHA1
  
  124f21cffb07ff1f3972eaf44eb19c13f338f513
- SHA256
  
  983539fea8819a081e8c5d8367584f75ae2fa29d876df61b571c14407db8c23c
- SHA512
  
  c0d50f486c62598008ee82c847312fbe673eb7e748ba9a61f3f0c78ad8e6571e6e6834a8ca1dd9d018787055eecb224fa379f4211c99bdba5e7dfb0573909a9a
- SSDEEP
  
  6144:mTfzzT72Y0StzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOtPECYeixlYGicC:mTr37SSEYsY1UMqMZJYSN7wbstOt8fvs
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan