cobaltstrike | b5e6f527c4ad3f6173ed65c9f2abf356ad66f15d1f742edf8d677c4e85222bba | Triage

Sharing

General

Target

b5e6f527c4ad3f6173ed65c9f2abf356ad66f15d1f742edf8d677c4e85222bba
Size

312KB
Sample

221204-yf95vsad44
MD5

ff4518fc827203266647281a775acce2
SHA1

79bc27da4c8c9a4272b2de04324924d01e412ff6
SHA256

b5e6f527c4ad3f6173ed65c9f2abf356ad66f15d1f742edf8d677c4e85222bba
SHA512

3bbf3084fcf1de18f9063cf1cb553edd3dcbc7023460d239818e67e8e88b6bf3a61c0d64498da60abecf37a381653ab56b8edb46ee5b349269f8c7a302085d29
SSDEEP

6144:I+1VyBhl40pPMMHLdL1hALe+2NirdrQdZKwUKD05d:IEyt4wMMdoLT2NKccwG

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  b5e6f527c4ad3f6173ed65c9f2abf356ad66f15d1f742edf8d677c4e85222bba
- Size
  
  312KB
- MD5
  
  ff4518fc827203266647281a775acce2
- SHA1
  
  79bc27da4c8c9a4272b2de04324924d01e412ff6
- SHA256
  
  b5e6f527c4ad3f6173ed65c9f2abf356ad66f15d1f742edf8d677c4e85222bba
- SHA512
  
  3bbf3084fcf1de18f9063cf1cb553edd3dcbc7023460d239818e67e8e88b6bf3a61c0d64498da60abecf37a381653ab56b8edb46ee5b349269f8c7a302085d29
- SSDEEP
  
  6144:I+1VyBhl40pPMMHLdL1hALe+2NirdrQdZKwUKD05d:IEyt4wMMdoLT2NKccwG
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan