cobaltstrike | 68821a93b75d98197aea50b87caa9ec77b43435c3a44b50f551aff4b38343b98 | Triage

Sharing

General

Target

68821a93b75d98197aea50b87caa9ec77b43435c3a44b50f551aff4b38343b98
Size

120KB
Sample

221201-d9nhqsbd98
MD5

424e4082fe99154fbd50393153979dfb
SHA1

40800fe0eb1725303f3b2a51439d1a80394eb5e2
SHA256

68821a93b75d98197aea50b87caa9ec77b43435c3a44b50f551aff4b38343b98
SHA512

8170e3062f9e023bee0b43a65fa830e03bd8556b5e30999f3fa8052bc297573075b8c33c1527bc5795287f5a4482c317e56f67a2ae306361c5db0d659ab24dc3
SSDEEP

1536:PX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:Pv5hm7VmBP7PtReQJUhMLgEE5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  68821a93b75d98197aea50b87caa9ec77b43435c3a44b50f551aff4b38343b98
- Size
  
  120KB
- MD5
  
  424e4082fe99154fbd50393153979dfb
- SHA1
  
  40800fe0eb1725303f3b2a51439d1a80394eb5e2
- SHA256
  
  68821a93b75d98197aea50b87caa9ec77b43435c3a44b50f551aff4b38343b98
- SHA512
  
  8170e3062f9e023bee0b43a65fa830e03bd8556b5e30999f3fa8052bc297573075b8c33c1527bc5795287f5a4482c317e56f67a2ae306361c5db0d659ab24dc3
- SSDEEP
  
  1536:PX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:Pv5hm7VmBP7PtReQJUhMLgEE5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan