cobaltstrike | 5bea819299c6d18b0af600480e6f2973d9084248f71a69a5f1b04f4df1fd02e0 | Triage

Sharing

General

Target

5bea819299c6d18b0af600480e6f2973d9084248f71a69a5f1b04f4df1fd02e0
Size

120KB
Sample

221201-es8b9ada92
MD5

04017b82d5b444a7da031a0dcf881b2a
SHA1

85a04c231b4e6790fafbd5eb73cedf7d0ebcfb34
SHA256

5bea819299c6d18b0af600480e6f2973d9084248f71a69a5f1b04f4df1fd02e0
SHA512

fc7bd46bb2a42f6522d38f1da69cae99a85c63c2bd75ebcd73d6db42eaeeba4b02905ee2c10572f90ddaeed3c017b3bf6483fbc05ea0cef07502825d81ff9455
SSDEEP

1536:nAlGYj0iqD9GUDsJH/mmzJi46I0lbeff/s46cX/jVLfzEzuaWzCLcHv9e6WkjRnk:CLYLsJHuci4mbqkcBLfzrBOLcPUkjRnk

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  5bea819299c6d18b0af600480e6f2973d9084248f71a69a5f1b04f4df1fd02e0
- Size
  
  120KB
- MD5
  
  04017b82d5b444a7da031a0dcf881b2a
- SHA1
  
  85a04c231b4e6790fafbd5eb73cedf7d0ebcfb34
- SHA256
  
  5bea819299c6d18b0af600480e6f2973d9084248f71a69a5f1b04f4df1fd02e0
- SHA512
  
  fc7bd46bb2a42f6522d38f1da69cae99a85c63c2bd75ebcd73d6db42eaeeba4b02905ee2c10572f90ddaeed3c017b3bf6483fbc05ea0cef07502825d81ff9455
- SSDEEP
  
  1536:nAlGYj0iqD9GUDsJH/mmzJi46I0lbeff/s46cX/jVLfzEzuaWzCLcHv9e6WkjRnk:CLYLsJHuci4mbqkcBLfzrBOLcPUkjRnk
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan