cobaltstrike | cdc9af3b60568c4eb2506895a67fcb4f972cca3c4ad8c2f9da393a92fcde859c | Triage

Sharing

General

Target

cdc9af3b60568c4eb2506895a67fcb4f972cca3c4ad8c2f9da393a92fcde859c
Size

120KB
Sample

221204-trzq2sab31
MD5

0e446dc5045c9948e10864cd8b230e71
SHA1

f3738c9f9d20d304f821372b127b07ec05c1f1eb
SHA256

cdc9af3b60568c4eb2506895a67fcb4f972cca3c4ad8c2f9da393a92fcde859c
SHA512

9a39e6fed232d9ca095a5369ae7e969aeeb4a9ad32db7739f4aeb4c9e3d7296533028a129ad4b0cb31f466f14ad4dce948e973350b77602414670e599bf295d0
SSDEEP

1536:oX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:+v5hm7VmBP7PtReQJUhMLgEE5RX

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  cdc9af3b60568c4eb2506895a67fcb4f972cca3c4ad8c2f9da393a92fcde859c
- Size
  
  120KB
- MD5
  
  0e446dc5045c9948e10864cd8b230e71
- SHA1
  
  f3738c9f9d20d304f821372b127b07ec05c1f1eb
- SHA256
  
  cdc9af3b60568c4eb2506895a67fcb4f972cca3c4ad8c2f9da393a92fcde859c
- SHA512
  
  9a39e6fed232d9ca095a5369ae7e969aeeb4a9ad32db7739f4aeb4c9e3d7296533028a129ad4b0cb31f466f14ad4dce948e973350b77602414670e599bf295d0
- SSDEEP
  
  1536:oX2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:+v5hm7VmBP7PtReQJUhMLgEE5RX
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan