cobaltstrike | b6e994d66f575d161506593466427d6bf18a506be5e3764dcc2a33df058a8047 | Triage

Sharing

General

Target

b6e994d66f575d161506593466427d6bf18a506be5e3764dcc2a33df058a8047
Size

305KB
Sample

221203-hj7wxagd7x
MD5

3a91900872047bf75c3dc4a1a126e0c2
SHA1

8166fe5e7b44e191f6e69eb4d1441a22eedc8174
SHA256

b6e994d66f575d161506593466427d6bf18a506be5e3764dcc2a33df058a8047
SHA512

990fefb26137b562660e306fd36f1271e4ef26c042c553c86a5b421dcd0a5b1903b7e3b5742f007e8ab9ace2fd4117c46e8d1d3f0738e304d3cb42fdd35a1bf4
SSDEEP

6144:5GSzytT72Y0SWzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOkPECYeixlYGicg:5Gqyh7SSxYsY1UMqMZJYSN7wbstOk8fa

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b6e994d66f575d161506593466427d6bf18a506be5e3764dcc2a33df058a8047
- Size
  
  305KB
- MD5
  
  3a91900872047bf75c3dc4a1a126e0c2
- SHA1
  
  8166fe5e7b44e191f6e69eb4d1441a22eedc8174
- SHA256
  
  b6e994d66f575d161506593466427d6bf18a506be5e3764dcc2a33df058a8047
- SHA512
  
  990fefb26137b562660e306fd36f1271e4ef26c042c553c86a5b421dcd0a5b1903b7e3b5742f007e8ab9ace2fd4117c46e8d1d3f0738e304d3cb42fdd35a1bf4
- SSDEEP
  
  6144:5GSzytT72Y0SWzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOkPECYeixlYGicg:5Gqyh7SSxYsY1UMqMZJYSN7wbstOk8fa
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan