cobaltstrike | a7fd73624792d4993348fe43544628dc03569914c7a9933080789805bd550665 | Triage

Sharing

General

Target

a7fd73624792d4993348fe43544628dc03569914c7a9933080789805bd550665
Size

307KB
Sample

221203-tbqhfadg45
MD5

4057be9f1e25cfe2414406523452d90e
SHA1

5be2fb943eb8c7b191eed508485a700e4917aafc
SHA256

a7fd73624792d4993348fe43544628dc03569914c7a9933080789805bd550665
SHA512

4a9299449be938f5f8fbfb5f90888fd6ed8b05d268e86ad8c7dc3c05e86388470aaa4a05030eced68168a029ba2c2026432d1af915131ea70291d5eed0695c11
SSDEEP

6144:mTfzWT72Y0SgzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOmPECYeixlYGicm:mTrS7SSjYsY1UMqMZJYSN7wbstOm8fvw

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  a7fd73624792d4993348fe43544628dc03569914c7a9933080789805bd550665
- Size
  
  307KB
- MD5
  
  4057be9f1e25cfe2414406523452d90e
- SHA1
  
  5be2fb943eb8c7b191eed508485a700e4917aafc
- SHA256
  
  a7fd73624792d4993348fe43544628dc03569914c7a9933080789805bd550665
- SHA512
  
  4a9299449be938f5f8fbfb5f90888fd6ed8b05d268e86ad8c7dc3c05e86388470aaa4a05030eced68168a029ba2c2026432d1af915131ea70291d5eed0695c11
- SSDEEP
  
  6144:mTfzWT72Y0SgzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOmPECYeixlYGicm:mTrS7SSjYsY1UMqMZJYSN7wbstOm8fvw
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan