cobaltstrike | c31026364ef46dfb5ace4f4a0ac73e8b9f874dc517e3d052f3155d497c96d9bf | Triage

Sharing

General

Target

c31026364ef46dfb5ace4f4a0ac73e8b9f874dc517e3d052f3155d497c96d9bf
Size

307KB
Sample

221203-gddv7sda9z
MD5

7dffc7e2a8fc9d7240006bf7a98abde8
SHA1

0f77a9b9c4435d7a255cef7294832786d605da4a
SHA256

c31026364ef46dfb5ace4f4a0ac73e8b9f874dc517e3d052f3155d497c96d9bf
SHA512

265fbdb016929b03a2f441717fde7ded7c42ffb65dfa69b59223b87c2d054812f405fb8c1757d055576040089ebebed638577692c842f7de4a9cdbd3f96f6e26
SSDEEP

6144:2qzwT72Y0SqzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOIPECYeixlYGic9i:2C87SSFYsY1UMqMZJYSN7wbstOI8fveT

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  c31026364ef46dfb5ace4f4a0ac73e8b9f874dc517e3d052f3155d497c96d9bf
- Size
  
  307KB
- MD5
  
  7dffc7e2a8fc9d7240006bf7a98abde8
- SHA1
  
  0f77a9b9c4435d7a255cef7294832786d605da4a
- SHA256
  
  c31026364ef46dfb5ace4f4a0ac73e8b9f874dc517e3d052f3155d497c96d9bf
- SHA512
  
  265fbdb016929b03a2f441717fde7ded7c42ffb65dfa69b59223b87c2d054812f405fb8c1757d055576040089ebebed638577692c842f7de4a9cdbd3f96f6e26
- SSDEEP
  
  6144:2qzwT72Y0SqzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOIPECYeixlYGic9i:2C87SSFYsY1UMqMZJYSN7wbstOI8fveT
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan