cobaltstrike | a68242d22925acc952c9b32bf7fe87ee782e592985dee1dcdbcfd6dbe7859928 | Triage

Sharing

General

Target

a68242d22925acc952c9b32bf7fe87ee782e592985dee1dcdbcfd6dbe7859928
Size

312KB
Sample

221203-tfvyqaeb55
MD5

eeae2ca96761b0df98c83a7eae0c2ee9
SHA1

dd38b41dbd472d27c46b7e2c48afd211e3a59ce6
SHA256

a68242d22925acc952c9b32bf7fe87ee782e592985dee1dcdbcfd6dbe7859928
SHA512

3528f9c67a22e8b2ac9b11dc2598d5299f2a66adc5a55cffad4d1bc87dd919eab9cf2064035090ef1f2d24e9f3353d8f4ea5b8270d508e35e70bce32c2e93a9b
SSDEEP

6144:I+1VyBRl40pPGMHLdL1hALe+2NirdrQdZUwUKD0Ek:IEy94wGMdoLT2NKcCw8

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  a68242d22925acc952c9b32bf7fe87ee782e592985dee1dcdbcfd6dbe7859928
- Size
  
  312KB
- MD5
  
  eeae2ca96761b0df98c83a7eae0c2ee9
- SHA1
  
  dd38b41dbd472d27c46b7e2c48afd211e3a59ce6
- SHA256
  
  a68242d22925acc952c9b32bf7fe87ee782e592985dee1dcdbcfd6dbe7859928
- SHA512
  
  3528f9c67a22e8b2ac9b11dc2598d5299f2a66adc5a55cffad4d1bc87dd919eab9cf2064035090ef1f2d24e9f3353d8f4ea5b8270d508e35e70bce32c2e93a9b
- SSDEEP
  
  6144:I+1VyBRl40pPGMHLdL1hALe+2NirdrQdZUwUKD0Ek:IEy94wGMdoLT2NKcCw8
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan