cobaltstrike | 9042c84e4d4137a7fee0e156dc27673c49e2f8bb80d69abd57b8a42c5fa217a0 | Triage

Sharing

General

Target

9042c84e4d4137a7fee0e156dc27673c49e2f8bb80d69abd57b8a42c5fa217a0
Size

305KB
Sample

221201-bsbfqsca24
MD5

504a67c133b8d3aad09c4436fd4b6d88
SHA1

c1cde5a52ef0c948cfb215e2eb66f5f5ce8ef39b
SHA256

9042c84e4d4137a7fee0e156dc27673c49e2f8bb80d69abd57b8a42c5fa217a0
SHA512

401a30d940f331b746fb3d2bc8469075f52caaa512a7add3217e95bf7bca37f37612e1f8a6b9833a22227794bcd2638e7099c70300b4e69e18a0e296c72907b5
SSDEEP

6144:5GSzhT72Y0StzinYKTY1SQshfRPVQe1MZkIYSccr7wbstO1PECYeixlYGicM:5Gqd7SSEYsY1UMqMZJYSN7wbstO18fvO

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  9042c84e4d4137a7fee0e156dc27673c49e2f8bb80d69abd57b8a42c5fa217a0
- Size
  
  305KB
- MD5
  
  504a67c133b8d3aad09c4436fd4b6d88
- SHA1
  
  c1cde5a52ef0c948cfb215e2eb66f5f5ce8ef39b
- SHA256
  
  9042c84e4d4137a7fee0e156dc27673c49e2f8bb80d69abd57b8a42c5fa217a0
- SHA512
  
  401a30d940f331b746fb3d2bc8469075f52caaa512a7add3217e95bf7bca37f37612e1f8a6b9833a22227794bcd2638e7099c70300b4e69e18a0e296c72907b5
- SSDEEP
  
  6144:5GSzhT72Y0StzinYKTY1SQshfRPVQe1MZkIYSccr7wbstO1PECYeixlYGicM:5Gqd7SSEYsY1UMqMZJYSN7wbstO18fvO
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan