cobaltstrike | b987f2f8b5defa1739e01b352d8513a51091fb4ea30d498fa458e241d1f79c15 | Triage

Sharing

General

Target

b987f2f8b5defa1739e01b352d8513a51091fb4ea30d498fa458e241d1f79c15
Size

306KB
Sample

221130-2k27laeh2v
MD5

f4137580101ff3b1d2870b87a94102cb
SHA1

6d6ec182b079443cb207c53358cf3f44907b6b0c
SHA256

b987f2f8b5defa1739e01b352d8513a51091fb4ea30d498fa458e241d1f79c15
SHA512

78afd86dd345017d52d6cf6cceab0d1a79d3062bea63754e67ccfb7f33a251c1b5607efa8c3e085086bc3e6e637a05c91c36a4ca135f7828d66ebc5524815209
SSDEEP

6144:bGRzmT72Y0S5zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOTPECYeixlYGicZ:bGBC7SSAYsY1UMqMZJYSN7wbstOT8fvj

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b987f2f8b5defa1739e01b352d8513a51091fb4ea30d498fa458e241d1f79c15
- Size
  
  306KB
- MD5
  
  f4137580101ff3b1d2870b87a94102cb
- SHA1
  
  6d6ec182b079443cb207c53358cf3f44907b6b0c
- SHA256
  
  b987f2f8b5defa1739e01b352d8513a51091fb4ea30d498fa458e241d1f79c15
- SHA512
  
  78afd86dd345017d52d6cf6cceab0d1a79d3062bea63754e67ccfb7f33a251c1b5607efa8c3e085086bc3e6e637a05c91c36a4ca135f7828d66ebc5524815209
- SSDEEP
  
  6144:bGRzmT72Y0S5zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOTPECYeixlYGicZ:bGBC7SSAYsY1UMqMZJYSN7wbstOT8fvj
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan