Overview

overview

10

Static

static

CompiledNTVDM.zip

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CompiledNTVDM.zip

  • Size

    2.7MB

  • Sample

    221203-1hp9ksga67

  • MD5

    4b82b608988728d1e777f9582eb60fef

  • SHA1

    584e6a3057e63697d9db487d956a59e2946ad5e0

  • SHA256

    aa38afd9f6522ca8342f30b1dc8dbcaa5e3d35f0a5fbf92597a9448f11929eb1

  • SHA512

    bdfab637c0f6781e640041be48e3854258da18abef480dfd41e4b7f5634c62caa08953548db41a85aac4d0c35cca8c8a1cc4d355ef8be2024368e4d3452b1e57

  • SSDEEP

    49152:AbySyWzYrqhUrF55qmruwVtEOd3ltpbVTyq5I79+5EUuMzb:AbygMJ5ImruyV3tpJTD50dUfzb

Score
10/10
cobaltstrikebackdoordiscoverypersistencetrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://A����:3850982656�*H1�W��_P�D$#

Attributes
  • user_agent

    �*H1�W��_P�D$#

Targets

    • Target

      CompiledNTVDM.zip

    • Size

      2.7MB

    • MD5

      4b82b608988728d1e777f9582eb60fef

    • SHA1

      584e6a3057e63697d9db487d956a59e2946ad5e0

    • SHA256

      aa38afd9f6522ca8342f30b1dc8dbcaa5e3d35f0a5fbf92597a9448f11929eb1

    • SHA512

      bdfab637c0f6781e640041be48e3854258da18abef480dfd41e4b7f5634c62caa08953548db41a85aac4d0c35cca8c8a1cc4d355ef8be2024368e4d3452b1e57

    • SSDEEP

      49152:AbySyWzYrqhUrF55qmruwVtEOd3ltpbVTyq5I79+5EUuMzb:AbygMJ5ImruyV3tpJTD50dUfzb

    Score
    10/10
    cobaltstrikebackdoordiscoverypersistencetrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Modifies AppInit DLL entries

      persistence

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks