cobaltstrike | a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64 | Triage

Sharing

General

Target

a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64
Size

315KB
Sample

221203-3c619aad9w
MD5

fc0c329d5f7d709ac54bcabc29cb68a5
SHA1

d6d26ee2e3d43f6b38da33e284ec31810f9d26fa
SHA256

a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64
SHA512

2890b9b64c6b9bfa45ac65b47528e159dd901598f861615872f4aa9682adbe31dc8b4f0d5a867fb76c70cc1b32fe3432ff953dc1228179cb3d86fab8527dc0ac
SSDEEP

6144:Hq3gCcNoqWYHtSdYnI+tnYDcMbY4FmNzNwm+MhUaYxO1BcC1cgi:Hq3Gz1NlnI+1Kb5KzNVNlPcngi

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64
- Size
  
  315KB
- MD5
  
  fc0c329d5f7d709ac54bcabc29cb68a5
- SHA1
  
  d6d26ee2e3d43f6b38da33e284ec31810f9d26fa
- SHA256
  
  a8301f7da762a3574370e89584970392c1d9242ab40ab43ec092e24f7357df64
- SHA512
  
  2890b9b64c6b9bfa45ac65b47528e159dd901598f861615872f4aa9682adbe31dc8b4f0d5a867fb76c70cc1b32fe3432ff953dc1228179cb3d86fab8527dc0ac
- SSDEEP
  
  6144:Hq3gCcNoqWYHtSdYnI+tnYDcMbY4FmNzNwm+MhUaYxO1BcC1cgi:Hq3Gz1NlnI+1Kb5KzNVNlPcngi
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan