cobaltstrike | 622c97a71938df9c3f0d01abd18a31a64957359374ddd14a6ee9e586a061510d | Triage

Sharing

General

Target

622c97a71938df9c3f0d01abd18a31a64957359374ddd14a6ee9e586a061510d
Size

312KB
Sample

221204-ahq8rshh34
MD5

7afd88642246a4d531d1f83e3569607f
SHA1

4bde933740cbec44c94b4d03edc27431f9e3473d
SHA256

622c97a71938df9c3f0d01abd18a31a64957359374ddd14a6ee9e586a061510d
SHA512

a55ef5b68ef3980160c3f99963ae600ac091d40bd48e804ca566476d5782f14e0a4b683f66db3f7c7f50f554e2a4790f137cc205835bdfe3c8e878109d488526
SSDEEP

6144:xWI+jNXUeLFTbCRTy7wzFzRODpyUOr2//l2TnLo0D5G:EIQUSbCvxzKy1rc/lsi

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  622c97a71938df9c3f0d01abd18a31a64957359374ddd14a6ee9e586a061510d
- Size
  
  312KB
- MD5
  
  7afd88642246a4d531d1f83e3569607f
- SHA1
  
  4bde933740cbec44c94b4d03edc27431f9e3473d
- SHA256
  
  622c97a71938df9c3f0d01abd18a31a64957359374ddd14a6ee9e586a061510d
- SHA512
  
  a55ef5b68ef3980160c3f99963ae600ac091d40bd48e804ca566476d5782f14e0a4b683f66db3f7c7f50f554e2a4790f137cc205835bdfe3c8e878109d488526
- SSDEEP
  
  6144:xWI+jNXUeLFTbCRTy7wzFzRODpyUOr2//l2TnLo0D5G:EIQUSbCvxzKy1rc/lsi
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan