Resubmissions

05-12-2022 22:27    221205-2c978sdb84    10

05-12-2022 22:20    221205-1892nscg44    8

General

  • Target

    PO-12-5-2022.html.zip

  • Size

    556KB

  • Sample

    221205-2c978sdb84

  • MD5

    f77bc5baf590cdb14506bccad4fb23be

  • SHA1

    e0cd66b736494eb90307c44500e5d4872cc0c6e9

  • SHA256

    b4673c656f1601fa48c487da640c21f5bf1995297c2f8e8f6300f7e1062eeb7c

  • SHA512

    d8de532c0d807ef18d4333b248c97fec8d23915c624e841f2275a61c7bc37a2d062c3ac9bdbcd249fb57972a550849e898afbb25bddc1629bda76f9e3c4ed0e4

  • SSDEEP

    12288:NU/ohUJZdzi6Zgy50SuI6M/eTX2rime+BMoXeSsKutB0A:uXndeny/1BWj57b7+A

Malware Config

Targets

    • Target

      PO-12-5-2022.html

    • Size

      1.5MB

    • MD5

      7779d429e7e17385f55b48880f0989cf

    • SHA1

      e7d6772b847f46daa98f57d784d14496034105b5

    • SHA256

      63955db0ccd6c0613912afb862635bde0fa925847f27adc8a0d65c994a7e05ea

    • SHA512

      d638831aa7b58ba60575215938b5ba836ae738c16305859e09d069602bf2afd298f5736d40fad998f2c029d57e6753e49b6e9de07039ea5bd26db94486b22523

    • SSDEEP

      24576:8RkWVB9NVcxDZrNEpBVjXUtXj92X6jyb1:q9Ax3Tx2p

    • Cobalt Strike

      Detected a malicious payload that is part of Cobalt Strike.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
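The two Target blocks above give MD5, SHA-1, SHA-256 and SHA-512 digests for the zip container and for the HTML file it carries. The script below is an added example written for this page (it is not the sandbox's own tooling): it hashes a file with the same stdlib algorithms, descends into zip members without executing or writing anything, and matches each digest against the report's indicators. SSDEEP is left out because it needs a third-party module (ppdeep or python-ssdeep). The sample zip it scans is constructed in memory with a placeholder HTML body, so it will not match the report's hashes; the member name and the size limit are assumptions for the demonstration.

```python
"""IOC hash check for a zipped sample (added example, not from the report)."""
import hashlib
import io
import zipfile

# Indicators copied from this report: the container and the HTML inside it.
REPORT_IOCS = {
    "PO-12-5-2022.html.zip": {
        "md5": "f77bc5baf590cdb14506bccad4fb23be",
        "sha1": "e0cd66b736494eb90307c44500e5d4872cc0c6e9",
        "sha256": "b4673c656f1601fa48c487da640c21f5bf1995297c2f8e8f6300f7e1062eeb7c",
        "sha512": "d8de532c0d807ef18d4333b248c97fec8d23915c624e841f2275a61c7bc37a2d"
                  "062c3ac9bdbcd249fb57972a550849e898afbb25bddc1629bda76f9e3c4ed0e4",
    },
    "PO-12-5-2022.html": {
        "md5": "7779d429e7e17385f55b48880f0989cf",
        "sha1": "e7d6772b847f46daa98f57d784d14496034105b5",
        "sha256": "63955db0ccd6c0613912afb862635bde0fa925847f27adc8a0d65c994a7e05ea",
        "sha512": "d638831aa7b58ba60575215938b5ba836ae738c16305859e09d069602bf2afd2"
                  "98f5736d40fad998f2c029d57e6753e49b6e9de07039ea5bd26db94486b22523",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap so a zip bomb cannot exhaust memory
MAX_DEPTH = 3                        # assumed cap on nested containers


def digests(data: bytes) -> dict:
    """Return the four stdlib digests of `data` as lowercase hex strings."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def match_iocs(found: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of indicator entries whose digest equals `found` on any algorithm."""
    hits = []
    for name, known in iocs.items():
        if any(found[algo] == known.get(algo) for algo in ALGOS):
            hits.append(name)
    return hits


def scan_bytes(name: str, data: bytes, iocs: dict = REPORT_IOCS, depth: int = 0) -> list:
    """Hash `data`, recurse into zip members, and return (path, sha256, hits) tuples.

    Members are only read into memory; nothing is extracted to disk or run.
    """
    found = digests(data)
    results = [(name, found["sha256"], match_iocs(found, iocs))]
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    # Declared size is untrusted but good enough to refuse obvious bombs.
                    results.append((f"{name}/{info.filename}", "skipped:too-large", []))
                    continue
                member = zf.read(info)
                results.extend(scan_bytes(f"{name}/{info.filename}", member, iocs, depth + 1))
    return results


def build_sample() -> bytes:
    """Constructed stand-in: a zip holding a harmless placeholder HTML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PO-12-5-2022.html", "<html><body>placeholder</body></html>")
    return buf.getvalue()


if __name__ == "__main__":
    # Replace build_sample() with open(path, "rb").read() to check a real file.
    for path, sha256, hits in scan_bytes("sample.zip", build_sample()):
        print(f"{path}  sha256={sha256}  hits={hits or 'none'}")
```

Matching on any one algorithm is deliberate: a report or feed often carries only one digest per object, and a hit on SHA-256 alone is conclusive. Comparing the inner HTML as well as the container matters here because re-zipping the same lure produces a new container hash while the member hash is unchanged.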

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                       Count   ID
Defense Evasion    Modify Registry                 1       T1112
Discovery          Query Registry                  4       T1012
Discovery          Peripheral Device Discovery     2       T1120
Discovery          System Information Discovery    4       T1082

Tasks