cobaltstrike | 89ff526471ab33c69eda3f04c0785aedf5a70fed8fae8034acd32d01c7c4d04b | Triage

Sharing

General

Target

89ff526471ab33c69eda3f04c0785aedf5a70fed8fae8034acd32d01c7c4d04b
Size

307KB
Sample

221129-gm2nmabf94
MD5

d484c0798632857b356842c1eef79f85
SHA1

12613ef8b018423d664f89ead54c7279994351df
SHA256

89ff526471ab33c69eda3f04c0785aedf5a70fed8fae8034acd32d01c7c4d04b
SHA512

7b5e6c83723306fe33cd930823c03241681fa21dc7c8407389bf72d771f90c42898a2c6d9e685d250dbc40877363f574c243a96116a36757d121dba36f0ecf1d
SSDEEP

6144:K0vzQT72Y0S2zinYKTY1SQshfRPVQe1MZkIYSccr7wbstO8PECYeixlYGicH:K0bc7SSRYsY1UMqMZJYSN7wbstO88fv1

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  89ff526471ab33c69eda3f04c0785aedf5a70fed8fae8034acd32d01c7c4d04b
- Size
  
  307KB
- MD5
  
  d484c0798632857b356842c1eef79f85
- SHA1
  
  12613ef8b018423d664f89ead54c7279994351df
- SHA256
  
  89ff526471ab33c69eda3f04c0785aedf5a70fed8fae8034acd32d01c7c4d04b
- SHA512
  
  7b5e6c83723306fe33cd930823c03241681fa21dc7c8407389bf72d771f90c42898a2c6d9e685d250dbc40877363f574c243a96116a36757d121dba36f0ecf1d
- SSDEEP
  
  6144:K0vzQT72Y0S2zinYKTY1SQshfRPVQe1MZkIYSccr7wbstO8PECYeixlYGicH:K0bc7SSRYsY1UMqMZJYSN7wbstO88fv1
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan