cobaltstrike | a2c22dd4ff6d68cb029e35f325a294f7aefe66286cc71482d9c871898abcb391 | Triage

Sharing

General

Target

a2c22dd4ff6d68cb029e35f325a294f7aefe66286cc71482d9c871898abcb391
Size

315KB
Sample

221203-3c7msaad9x
MD5

92a2c73ecf5ab23b45106a3a987f0136
SHA1

871df509a6b7fbe0d2b7e371cfb9c817ddd1602c
SHA256

a2c22dd4ff6d68cb029e35f325a294f7aefe66286cc71482d9c871898abcb391
SHA512

28cb3da203952f4809ad8d1fe76fef70ce4a96d9c25b72718d63b91b24c296c3f2eb87c8bd3cda3dbc41ab174d79f88bdd5559d98cd8f35779cfe1d4fa9b46e2
SSDEEP

6144:Hq3gCzeoqWYHtSpYnI+tnYDcMbY4FmNzNwm+MhUawxO1BcC1cj:Hq3Iz1N1nI+1Kb5KzNVNdPcnj

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  a2c22dd4ff6d68cb029e35f325a294f7aefe66286cc71482d9c871898abcb391
- Size
  
  315KB
- MD5
  
  92a2c73ecf5ab23b45106a3a987f0136
- SHA1
  
  871df509a6b7fbe0d2b7e371cfb9c817ddd1602c
- SHA256
  
  a2c22dd4ff6d68cb029e35f325a294f7aefe66286cc71482d9c871898abcb391
- SHA512
  
  28cb3da203952f4809ad8d1fe76fef70ce4a96d9c25b72718d63b91b24c296c3f2eb87c8bd3cda3dbc41ab174d79f88bdd5559d98cd8f35779cfe1d4fa9b46e2
- SSDEEP
  
  6144:Hq3gCzeoqWYHtSpYnI+tnYDcMbY4FmNzNwm+MhUawxO1BcC1cj:Hq3Iz1N1nI+1Kb5KzNVNdPcnj
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan