cobaltstrike | b850b1ba787fb7fb607b3840f4acfec560a736aaf00aa5c07a6a8b0536e6c465 | Triage

Sharing

General

Target

b850b1ba787fb7fb607b3840f4acfec560a736aaf00aa5c07a6a8b0536e6c465
Size

311KB
Sample

221203-herdcscf46
MD5

7257b78c20538fb81e0c610a58cf54bb
SHA1

a1641167c827ca8f59fe22d169125726d283cfc4
SHA256

b850b1ba787fb7fb607b3840f4acfec560a736aaf00aa5c07a6a8b0536e6c465
SHA512

10265701daace520e079e7083c1e6749702a24530f3d83ca0c62cb01124a55d8eb0e6f992b192982b741e399e6ff65358238aeed23e7680d2df5b225f2345d6e
SSDEEP

6144:nS/3wVyBPl40pPzMHLdL1hALe+2NirdrQdZxwUKD0j:nm3myb4wzMdoLT2NKc7w6

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b850b1ba787fb7fb607b3840f4acfec560a736aaf00aa5c07a6a8b0536e6c465
- Size
  
  311KB
- MD5
  
  7257b78c20538fb81e0c610a58cf54bb
- SHA1
  
  a1641167c827ca8f59fe22d169125726d283cfc4
- SHA256
  
  b850b1ba787fb7fb607b3840f4acfec560a736aaf00aa5c07a6a8b0536e6c465
- SHA512
  
  10265701daace520e079e7083c1e6749702a24530f3d83ca0c62cb01124a55d8eb0e6f992b192982b741e399e6ff65358238aeed23e7680d2df5b225f2345d6e
- SSDEEP
  
  6144:nS/3wVyBPl40pPzMHLdL1hALe+2NirdrQdZxwUKD0j:nm3myb4wzMdoLT2NKc7w6
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan