cobaltstrike | 96a14b9d739b4fd978c3149b5fe2a77143a66c0a0028870c72681848d8c34651 | Triage

Sharing

General

Target

96a14b9d739b4fd978c3149b5fe2a77143a66c0a0028870c72681848d8c34651
Size

307KB
Sample

221201-zmc95sad52
MD5

4c460eee73242287483d95dba11b9aea
SHA1

8c92413171df477459d80021bb06d3c716d53bb9
SHA256

96a14b9d739b4fd978c3149b5fe2a77143a66c0a0028870c72681848d8c34651
SHA512

adacdf17ffaeda0ef4fbfa941dae44cd45f251e9897e8b9e9e5fa39d8451792f9c9edfabaf9432cba343266a8775c088b3c7de9d063a40130c7275c0e1d19c7a
SSDEEP

6144:mTfz/T72Y0SCzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOYPECYeixlYGicA:mTrb7SStYsY1UMqMZJYSN7wbstOY8fvi

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  96a14b9d739b4fd978c3149b5fe2a77143a66c0a0028870c72681848d8c34651
- Size
  
  307KB
- MD5
  
  4c460eee73242287483d95dba11b9aea
- SHA1
  
  8c92413171df477459d80021bb06d3c716d53bb9
- SHA256
  
  96a14b9d739b4fd978c3149b5fe2a77143a66c0a0028870c72681848d8c34651
- SHA512
  
  adacdf17ffaeda0ef4fbfa941dae44cd45f251e9897e8b9e9e5fa39d8451792f9c9edfabaf9432cba343266a8775c088b3c7de9d063a40130c7275c0e1d19c7a
- SSDEEP
  
  6144:mTfz/T72Y0SCzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOYPECYeixlYGicA:mTrb7SStYsY1UMqMZJYSN7wbstOY8fvi
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan