cobaltstrike | 89f7a6380da128ef25af7a3cd5d9b0240b96c2afefddee9d7c183de8146ca7db | Triage

Sharing

General

Target

89f7a6380da128ef25af7a3cd5d9b0240b96c2afefddee9d7c183de8146ca7db
Size

312KB
Sample

221203-dgckrshd48
MD5

c05cb0dd31005612e83654b475b82b6a
SHA1

3ef53ec1547cd65dfda193a930a48ceab980a28c
SHA256

89f7a6380da128ef25af7a3cd5d9b0240b96c2afefddee9d7c183de8146ca7db
SHA512

673f121b6a80b7d61b160abfb68ab55d6457f37f19d022626ca184bb87c78b98f7fa85f98d016c516dbb1b3d21e61c9116d3f45af43c0b692020db2fe36f34f0
SSDEEP

6144:xWI+jNXUeSFTCCRTy7wzFzRODpyUOr2//W2TnLo0DUb:EIQU1CCvxzKy1rc/Wsc

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  89f7a6380da128ef25af7a3cd5d9b0240b96c2afefddee9d7c183de8146ca7db
- Size
  
  312KB
- MD5
  
  c05cb0dd31005612e83654b475b82b6a
- SHA1
  
  3ef53ec1547cd65dfda193a930a48ceab980a28c
- SHA256
  
  89f7a6380da128ef25af7a3cd5d9b0240b96c2afefddee9d7c183de8146ca7db
- SHA512
  
  673f121b6a80b7d61b160abfb68ab55d6457f37f19d022626ca184bb87c78b98f7fa85f98d016c516dbb1b3d21e61c9116d3f45af43c0b692020db2fe36f34f0
- SSDEEP
  
  6144:xWI+jNXUeSFTCCRTy7wzFzRODpyUOr2//W2TnLo0DUb:EIQU1CCvxzKy1rc/Wsc
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan