cobaltstrike | 823de38f42e34d65431ab11017aedf991333a7a781f221e0baf111bfbd546d44 | Triage

Sharing

General

Target

823de38f42e34d65431ab11017aedf991333a7a781f221e0baf111bfbd546d44
Size

306KB
Sample

221201-cpyyasac51
MD5

cf274d348b0f2965fb2a1b28e884a4ca
SHA1

1ec5eb87beef12a838453b90a1327851af858f31
SHA256

823de38f42e34d65431ab11017aedf991333a7a781f221e0baf111bfbd546d44
SHA512

d5f00e556468b278e7990737bebf2ab086dda07b74dd26fa9fd7b3f8fbb949f0a3899f4b509161bb11212574f1f22689c10055ea7e96994aed87b314b17a0eb7
SSDEEP

6144:bGRzjT72Y0SSzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOEPECYeixlYGicU:bGBH7SSdYsY1UMqMZJYSN7wbstOE8fve

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  823de38f42e34d65431ab11017aedf991333a7a781f221e0baf111bfbd546d44
- Size
  
  306KB
- MD5
  
  cf274d348b0f2965fb2a1b28e884a4ca
- SHA1
  
  1ec5eb87beef12a838453b90a1327851af858f31
- SHA256
  
  823de38f42e34d65431ab11017aedf991333a7a781f221e0baf111bfbd546d44
- SHA512
  
  d5f00e556468b278e7990737bebf2ab086dda07b74dd26fa9fd7b3f8fbb949f0a3899f4b509161bb11212574f1f22689c10055ea7e96994aed87b314b17a0eb7
- SSDEEP
  
  6144:bGRzjT72Y0SSzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOEPECYeixlYGicU:bGBH7SSdYsY1UMqMZJYSN7wbstOE8fve
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan