cobaltstrike | bb10b6fa2c0ea28096e9c2a9cbd95e393514faa9d743dd908d801336fad6dbb6 | Triage

Sharing

General

Target

bb10b6fa2c0ea28096e9c2a9cbd95e393514faa9d743dd908d801336fad6dbb6
Size

307KB
Sample

221130-2gw66see9s
MD5

47d8ca10e1cc66584cbf1763c05ddf56
SHA1

0dbecf4a2eb2db2924c5ca0bac68d8bd62571d9e
SHA256

bb10b6fa2c0ea28096e9c2a9cbd95e393514faa9d743dd908d801336fad6dbb6
SHA512

9c63b7d624572e1595a805e62d32c7439c006679394012e712709f47ebc855b04c730d98b168cb0e501e8939368f137ad470c2a82df889704a1321c7afaf54de
SSDEEP

6144:mTfzqT72Y0SkzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOhwPECYeixlYGicYl:mTre7SS3YsY1UMqMZJYSN7wbstOq8fv2

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  bb10b6fa2c0ea28096e9c2a9cbd95e393514faa9d743dd908d801336fad6dbb6
- Size
  
  307KB
- MD5
  
  47d8ca10e1cc66584cbf1763c05ddf56
- SHA1
  
  0dbecf4a2eb2db2924c5ca0bac68d8bd62571d9e
- SHA256
  
  bb10b6fa2c0ea28096e9c2a9cbd95e393514faa9d743dd908d801336fad6dbb6
- SHA512
  
  9c63b7d624572e1595a805e62d32c7439c006679394012e712709f47ebc855b04c730d98b168cb0e501e8939368f137ad470c2a82df889704a1321c7afaf54de
- SSDEEP
  
  6144:mTfzqT72Y0SkzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOhwPECYeixlYGicYl:mTre7SS3YsY1UMqMZJYSN7wbstOq8fv2
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan