cobaltstrike | c2e4e5a8627d1b8b25c24bac367dcaba80aa7a6c7ecd9136ffa24fd2ab59b0a4 | Triage

Sharing

General

Target

c2e4e5a8627d1b8b25c24bac367dcaba80aa7a6c7ecd9136ffa24fd2ab59b0a4
Size

121KB
Sample

221130-1w33lahe77
MD5

15d80dc249f8891e4faace8901313869
SHA1

304542307914a82345938cb613b533387dfc05a5
SHA256

c2e4e5a8627d1b8b25c24bac367dcaba80aa7a6c7ecd9136ffa24fd2ab59b0a4
SHA512

fb73796cbc5c18db67f9ab16b976bbafe910519d79596ef360b3f2d220a6dc4f6e8adc734d9ea900c4e28bfad34af7b1d9c2053fd637469798b25b37f7cafc25
SSDEEP

1536:oX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQw:+v5hm7VmBP7PtReQJUhMLgEE5RXH

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  c2e4e5a8627d1b8b25c24bac367dcaba80aa7a6c7ecd9136ffa24fd2ab59b0a4
- Size
  
  121KB
- MD5
  
  15d80dc249f8891e4faace8901313869
- SHA1
  
  304542307914a82345938cb613b533387dfc05a5
- SHA256
  
  c2e4e5a8627d1b8b25c24bac367dcaba80aa7a6c7ecd9136ffa24fd2ab59b0a4
- SHA512
  
  fb73796cbc5c18db67f9ab16b976bbafe910519d79596ef360b3f2d220a6dc4f6e8adc734d9ea900c4e28bfad34af7b1d9c2053fd637469798b25b37f7cafc25
- SSDEEP
  
  1536:oX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQw:+v5hm7VmBP7PtReQJUhMLgEE5RXH
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan