cobaltstrike | 9fa6777f2677f387a56fcefd48ef8346afef701d46a9bd664b30c47933e65f20 | Triage

Sharing

General

Target

9fa6777f2677f387a56fcefd48ef8346afef701d46a9bd664b30c47933e65f20
Size

197KB
Sample

221203-t1zgmsfh78
MD5

80c39a580fd4de240e85c9cbf8e4f0e3
SHA1

4410606f14cad27ddac84462e6965b8cdbc00504
SHA256

9fa6777f2677f387a56fcefd48ef8346afef701d46a9bd664b30c47933e65f20
SHA512

f4a17bf666893fb3dad15746bd02693e73959f7a6d01e042b7805c280e62dd8749b3a47add44d50c2cf266004f131e8de6fb2e6d46c6539eba844dd477f88569
SSDEEP

1536:aX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WW5RXQ:ov5hm7VmBP7PtReQJUhMLgEW5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  9fa6777f2677f387a56fcefd48ef8346afef701d46a9bd664b30c47933e65f20
- Size
  
  197KB
- MD5
  
  80c39a580fd4de240e85c9cbf8e4f0e3
- SHA1
  
  4410606f14cad27ddac84462e6965b8cdbc00504
- SHA256
  
  9fa6777f2677f387a56fcefd48ef8346afef701d46a9bd664b30c47933e65f20
- SHA512
  
  f4a17bf666893fb3dad15746bd02693e73959f7a6d01e042b7805c280e62dd8749b3a47add44d50c2cf266004f131e8de6fb2e6d46c6539eba844dd477f88569
- SSDEEP
  
  1536:aX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WW5RXQ:ov5hm7VmBP7PtReQJUhMLgEW5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan