cobaltstrike | 798ff6ecbdaaff9c14f948b68c6ce2dd54e193bfd0f324e00cf0372df7a5b3a1 | Triage

Sharing

General

Target

798ff6ecbdaaff9c14f948b68c6ce2dd54e193bfd0f324e00cf0372df7a5b3a1
Size

140KB
Sample

221201-djne2sch2v
MD5

864cbc9555983d333324c76b9cedc7a7
SHA1

7a3b53e9ae4628a64b5ef0161a1f1b9d6268cb99
SHA256

798ff6ecbdaaff9c14f948b68c6ce2dd54e193bfd0f324e00cf0372df7a5b3a1
SHA512

8faa8a94b1d04dd57c7db0e38b931fc5fd449a848c646ceee0e78dfb64a1de579e06a07465ee1fe3888956ea47c8038ccffcf5cfe96880f0dac7eb95ba92e82d
SSDEEP

1536:qX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:Yv5hm7VmBP7PtReQJUhMLgEE5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  798ff6ecbdaaff9c14f948b68c6ce2dd54e193bfd0f324e00cf0372df7a5b3a1
- Size
  
  140KB
- MD5
  
  864cbc9555983d333324c76b9cedc7a7
- SHA1
  
  7a3b53e9ae4628a64b5ef0161a1f1b9d6268cb99
- SHA256
  
  798ff6ecbdaaff9c14f948b68c6ce2dd54e193bfd0f324e00cf0372df7a5b3a1
- SHA512
  
  8faa8a94b1d04dd57c7db0e38b931fc5fd449a848c646ceee0e78dfb64a1de579e06a07465ee1fe3888956ea47c8038ccffcf5cfe96880f0dac7eb95ba92e82d
- SSDEEP
  
  1536:qX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:Yv5hm7VmBP7PtReQJUhMLgEE5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan