cobaltstrike | 73c6aad02853301be6a21cfbe2e8a08256f3d3f1226d9455e5cc5393d7b95cf9 | Triage

Sharing

General

Target

73c6aad02853301be6a21cfbe2e8a08256f3d3f1226d9455e5cc5393d7b95cf9
Size

220KB
Sample

221201-d1w4hsec2y
MD5

f40e7af0b060b35944d1ab139477b0ac
SHA1

71a8c15a611b1dc83bb04ad1fb1369cd38037361
SHA256

73c6aad02853301be6a21cfbe2e8a08256f3d3f1226d9455e5cc5393d7b95cf9
SHA512

8630a4f507d1375aceb4362fc6c728b9c92dc4ecd03887d616cf30e9a4c20be3cadf2fb06e6dc6ae02659d09f5d5737b862c636b02f3b0c09cb125c3c235dcd3
SSDEEP

1536:NX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQo:9v5hm7VmBP7PtReQJUhMLgEE5RXhPgI

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  73c6aad02853301be6a21cfbe2e8a08256f3d3f1226d9455e5cc5393d7b95cf9
- Size
  
  220KB
- MD5
  
  f40e7af0b060b35944d1ab139477b0ac
- SHA1
  
  71a8c15a611b1dc83bb04ad1fb1369cd38037361
- SHA256
  
  73c6aad02853301be6a21cfbe2e8a08256f3d3f1226d9455e5cc5393d7b95cf9
- SHA512
  
  8630a4f507d1375aceb4362fc6c728b9c92dc4ecd03887d616cf30e9a4c20be3cadf2fb06e6dc6ae02659d09f5d5737b862c636b02f3b0c09cb125c3c235dcd3
- SSDEEP
  
  1536:NX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQo:9v5hm7VmBP7PtReQJUhMLgEE5RXhPgI
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan