cobaltstrike | be29edd1a9ec851cba0620b46a934211e96edc0d00008bb46b296d8dc8ea7d2b | Triage

Sharing

General

Target

be29edd1a9ec851cba0620b46a934211e96edc0d00008bb46b296d8dc8ea7d2b
Size

312KB
Sample

221203-gt5c4aba38
MD5

8994f0c6fb51940bca5dbbdaad6a8a2d
SHA1

5499b96409af5f619af42dc4e8daa7a6551bc240
SHA256

be29edd1a9ec851cba0620b46a934211e96edc0d00008bb46b296d8dc8ea7d2b
SHA512

d6b161f9fd27a2283267a26032fbbdd813270462bd2cc86ecd8889e6d16a8c757a0efe9095fbf54aef08f7be4f2f47fd3d3878886574152c293ec8b3745b1b44
SSDEEP

6144:I+1VyBRl40pPUMHLdL1hALe+2NirdrQdZiwUKD0cE:IEy94wUMdoLT2NKcww8

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  be29edd1a9ec851cba0620b46a934211e96edc0d00008bb46b296d8dc8ea7d2b
- Size
  
  312KB
- MD5
  
  8994f0c6fb51940bca5dbbdaad6a8a2d
- SHA1
  
  5499b96409af5f619af42dc4e8daa7a6551bc240
- SHA256
  
  be29edd1a9ec851cba0620b46a934211e96edc0d00008bb46b296d8dc8ea7d2b
- SHA512
  
  d6b161f9fd27a2283267a26032fbbdd813270462bd2cc86ecd8889e6d16a8c757a0efe9095fbf54aef08f7be4f2f47fd3d3878886574152c293ec8b3745b1b44
- SSDEEP
  
  6144:I+1VyBRl40pPUMHLdL1hALe+2NirdrQdZiwUKD0cE:IEy94wUMdoLT2NKcww8
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan