cobaltstrike | c47a564084c6f2fbd4f0e5515c57d41502993dab36668ff44f23da16f8cffe8f | Triage

Sharing

General

Target

c47a564084c6f2fbd4f0e5515c57d41502993dab36668ff44f23da16f8cffe8f
Size

307KB
Sample

221130-1scq8scc6v
MD5

3796b7685a5bd4e11472c05cbf124466
SHA1

018c5f3f5a2469460eb346833998d34e393f43fe
SHA256

c47a564084c6f2fbd4f0e5515c57d41502993dab36668ff44f23da16f8cffe8f
SHA512

8ce1fc0438db46e426fa9c97376d598a5ecbab8c4733edc0114a9365c03bb0dba6d134063b501ca07d7bdc31c8672515a5f5e41a5f15d067eab8ebfa2303d6ce
SSDEEP

6144:RGXz+T72Y0SizinYKTY1SQshfRPVQe1MZkIYSccr7wbstOUPECYeixlYGicN:RGDq7SSNYsY1UMqMZJYSN7wbstOU8fvf

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  c47a564084c6f2fbd4f0e5515c57d41502993dab36668ff44f23da16f8cffe8f
- Size
  
  307KB
- MD5
  
  3796b7685a5bd4e11472c05cbf124466
- SHA1
  
  018c5f3f5a2469460eb346833998d34e393f43fe
- SHA256
  
  c47a564084c6f2fbd4f0e5515c57d41502993dab36668ff44f23da16f8cffe8f
- SHA512
  
  8ce1fc0438db46e426fa9c97376d598a5ecbab8c4733edc0114a9365c03bb0dba6d134063b501ca07d7bdc31c8672515a5f5e41a5f15d067eab8ebfa2303d6ce
- SSDEEP
  
  6144:RGXz+T72Y0SizinYKTY1SQshfRPVQe1MZkIYSccr7wbstOUPECYeixlYGicN:RGDq7SSNYsY1UMqMZJYSN7wbstOU8fvf
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan