cobaltstrike | b454d38095c759da1ab2f89b5fe17955c53b5ae02dccad8852cc035f35c42b77 | Triage

Sharing

General

Target

b454d38095c759da1ab2f89b5fe17955c53b5ae02dccad8852cc035f35c42b77
Size

312KB
Sample

221203-dgby8shd46
MD5

918b36ccf7ad9279a730de0605c1090f
SHA1

9279497f46447f186c829e44f6e806b2a83058a1
SHA256

b454d38095c759da1ab2f89b5fe17955c53b5ae02dccad8852cc035f35c42b77
SHA512

2c71f4e74e67d435069ebf543d2230b02e4103ecbe4d0f588793f0d14d1a94db344db49853f60d67e6e2ef8f8d9354dbbd5654cb3eb0da65c13130e6760f852e
SSDEEP

6144:xWI+jNXUeLFTiCRTy7wzFzRODpyUOr2//m2TnLo0Dzs:EIQU2iCvxzKy1rc/msa

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b454d38095c759da1ab2f89b5fe17955c53b5ae02dccad8852cc035f35c42b77
- Size
  
  312KB
- MD5
  
  918b36ccf7ad9279a730de0605c1090f
- SHA1
  
  9279497f46447f186c829e44f6e806b2a83058a1
- SHA256
  
  b454d38095c759da1ab2f89b5fe17955c53b5ae02dccad8852cc035f35c42b77
- SHA512
  
  2c71f4e74e67d435069ebf543d2230b02e4103ecbe4d0f588793f0d14d1a94db344db49853f60d67e6e2ef8f8d9354dbbd5654cb3eb0da65c13130e6760f852e
- SSDEEP
  
  6144:xWI+jNXUeLFTiCRTy7wzFzRODpyUOr2//m2TnLo0Dzs:EIQU2iCvxzKy1rc/msa
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan