cobaltstrike | 9a502bb1e6361fe1c82bd4c41a00cfd453b9b517742dfe6ccbb6ccaabacaed15 | Triage

Sharing

General

Target

9a502bb1e6361fe1c82bd4c41a00cfd453b9b517742dfe6ccbb6ccaabacaed15
Size

124KB
Sample

221204-3q3wrafg27
MD5

0d5ee44cfe023e0d658f2b798b78cb86
SHA1

cdcdf709eeb09872cdff5f144838eb4595442744
SHA256

9a502bb1e6361fe1c82bd4c41a00cfd453b9b517742dfe6ccbb6ccaabacaed15
SHA512

e2b6bee49795ad434f6dbf964778b1edee4ecc1cbf453b7ff18b189183ae403a76fe06b9b04462ed51a10489d044520c60e698bdf62d36099b2025cfe8068da6
SSDEEP

1536:FX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6Wy5RXQ:lv5hm7VmBP7PtReQJUhMLgEy5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  9a502bb1e6361fe1c82bd4c41a00cfd453b9b517742dfe6ccbb6ccaabacaed15
- Size
  
  124KB
- MD5
  
  0d5ee44cfe023e0d658f2b798b78cb86
- SHA1
  
  cdcdf709eeb09872cdff5f144838eb4595442744
- SHA256
  
  9a502bb1e6361fe1c82bd4c41a00cfd453b9b517742dfe6ccbb6ccaabacaed15
- SHA512
  
  e2b6bee49795ad434f6dbf964778b1edee4ecc1cbf453b7ff18b189183ae403a76fe06b9b04462ed51a10489d044520c60e698bdf62d36099b2025cfe8068da6
- SSDEEP
  
  1536:FX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6Wy5RXQ:lv5hm7VmBP7PtReQJUhMLgEy5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan