cobaltstrike | bde78d0c6fc27e28549ea16cf1d5ef7d463375cc5a90f035374eeeaf317cb7c4 | Triage

Sharing

General

Target

bde78d0c6fc27e28549ea16cf1d5ef7d463375cc5a90f035374eeeaf317cb7c4
Size

306KB
Sample

221203-gv2nlaba87
MD5

75e2e443dfb5b5c593a048d9c48c64e9
SHA1

d1245e558d39bfa8589b0b8471c39d74effdc671
SHA256

bde78d0c6fc27e28549ea16cf1d5ef7d463375cc5a90f035374eeeaf317cb7c4
SHA512

bbb8de4f94152e3d1cccc1ac3fadbe13d1b1d02c6741ddce77389285a3e8497734b01e7128bedda58e1e8af6db2cd7a2cae9235949be83ecbfe79be5d44f75ea
SSDEEP

6144:bGRzKT72Y0SmzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOYPECYeixlYGicr:bGB+7SShYsY1UMqMZJYSN7wbstOY8fv1

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  bde78d0c6fc27e28549ea16cf1d5ef7d463375cc5a90f035374eeeaf317cb7c4
- Size
  
  306KB
- MD5
  
  75e2e443dfb5b5c593a048d9c48c64e9
- SHA1
  
  d1245e558d39bfa8589b0b8471c39d74effdc671
- SHA256
  
  bde78d0c6fc27e28549ea16cf1d5ef7d463375cc5a90f035374eeeaf317cb7c4
- SHA512
  
  bbb8de4f94152e3d1cccc1ac3fadbe13d1b1d02c6741ddce77389285a3e8497734b01e7128bedda58e1e8af6db2cd7a2cae9235949be83ecbfe79be5d44f75ea
- SSDEEP
  
  6144:bGRzKT72Y0SmzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOYPECYeixlYGicr:bGB+7SShYsY1UMqMZJYSN7wbstOY8fv1
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan