cobaltstrike | cf799e2653967d10af88cb348e0b15acfe642002980b76b3740abec7d0f1a3aa | Triage

Sharing

General

Target

cf799e2653967d10af88cb348e0b15acfe642002980b76b3740abec7d0f1a3aa
Size

307KB
Sample

221201-vwq55sed9w
MD5

4d53cdb522a85911f08935285bd710cb
SHA1

197fa11e5641f902cc5a7e5e005c63ceddd26084
SHA256

cf799e2653967d10af88cb348e0b15acfe642002980b76b3740abec7d0f1a3aa
SHA512

44f6413de907370f510da78e4521cc3048f2ca468b3875e500179e95251c74672bd394e49f80660811276231a4c28e39f5e9c016c3f20aa49d5acb0097a46a18
SSDEEP

6144:2qzUT72Y0SdzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOlPECYeixlYGiccj:2CI7SSUYsY1UMqMZJYSN7wbstOl8fve1

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  cf799e2653967d10af88cb348e0b15acfe642002980b76b3740abec7d0f1a3aa
- Size
  
  307KB
- MD5
  
  4d53cdb522a85911f08935285bd710cb
- SHA1
  
  197fa11e5641f902cc5a7e5e005c63ceddd26084
- SHA256
  
  cf799e2653967d10af88cb348e0b15acfe642002980b76b3740abec7d0f1a3aa
- SHA512
  
  44f6413de907370f510da78e4521cc3048f2ca468b3875e500179e95251c74672bd394e49f80660811276231a4c28e39f5e9c016c3f20aa49d5acb0097a46a18
- SSDEEP
  
  6144:2qzUT72Y0SdzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOlPECYeixlYGiccj:2CI7SSUYsY1UMqMZJYSN7wbstOl8fve1
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan