cobaltstrike | 19929ffad2b8d984f6b41b10bf3652db1a81b1b50600af145747d65f33d7682f | Triage

Sharing

General

Target

19929ffad2b8d984f6b41b10bf3652db1a81b1b50600af145747d65f33d7682f
Size

197KB
Sample

221201-gj7epsdg61
MD5

5d2ac622859d4bab975c51da1e9375a0
SHA1

7c824d556b133ed2f5ff0fec74b99feec25115e5
SHA256

19929ffad2b8d984f6b41b10bf3652db1a81b1b50600af145747d65f33d7682f
SHA512

e291a4782672c009436b68281e41c0de96a960e6580be8c8a18fad4c795cc41f5163cc03f7b3020a50e0f8942c554d2ef161a97d7f9911080fe108ed156d584c
SSDEEP

1536:bX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:bv5hm7VmBP7PtReQJUhMLgEE5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  19929ffad2b8d984f6b41b10bf3652db1a81b1b50600af145747d65f33d7682f
- Size
  
  197KB
- MD5
  
  5d2ac622859d4bab975c51da1e9375a0
- SHA1
  
  7c824d556b133ed2f5ff0fec74b99feec25115e5
- SHA256
  
  19929ffad2b8d984f6b41b10bf3652db1a81b1b50600af145747d65f33d7682f
- SHA512
  
  e291a4782672c009436b68281e41c0de96a960e6580be8c8a18fad4c795cc41f5163cc03f7b3020a50e0f8942c554d2ef161a97d7f9911080fe108ed156d584c
- SSDEEP
  
  1536:bX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:bv5hm7VmBP7PtReQJUhMLgEE5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan