Overview

overview

10

Static

static

c333a910a7...a.dotm

windows7-x64

10

c333a910a7...a.dotm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c333a910a76073a97c782797300ed86a

  • Size

    30KB

  • Sample

    221129-zn76xaab9x

  • MD5

    c333a910a76073a97c782797300ed86a

  • SHA1

    2417f54dbcdb454c5ce863b417e01147aedecaa3

  • SHA256

    9c80583fb6e199bb41c3af8d9ad0084bdbdd63e1cc754070a3f96142d59a0a19

  • SHA512

    fe3d6e86f3a0f68493bf7da218cc277984492161e9f26af42ffe9461d938a1a62644fe6d430f048591fcd9ead29ebb4b60cb3d0a5ac6fbf24bae4413981027e3

  • SSDEEP

    768:FL8QNgqlsfek8iojink0GdXeiVsk0j/cm:xgrud+nk0Gd/VX0j/r

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Targets

    • Target

      c333a910a76073a97c782797300ed86a

    • Size

      30KB

    • MD5

      c333a910a76073a97c782797300ed86a

    • SHA1

      2417f54dbcdb454c5ce863b417e01147aedecaa3

    • SHA256

      9c80583fb6e199bb41c3af8d9ad0084bdbdd63e1cc754070a3f96142d59a0a19

    • SHA512

      fe3d6e86f3a0f68493bf7da218cc277984492161e9f26af42ffe9461d938a1a62644fe6d430f048591fcd9ead29ebb4b60cb3d0a5ac6fbf24bae4413981027e3

    • SSDEEP

      768:FL8QNgqlsfek8iojink0GdXeiVsk0j/cm:xgrud+nk0Gd/VX0j/r

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks