cobaltstrike | 8903295f79feaf9943b3d7473a0185495b14b08eba26a1c0b5e01defbbb3f6bd | Triage

Sharing

General

Target

8903295f79feaf9943b3d7473a0185495b14b08eba26a1c0b5e01defbbb3f6bd
Size

307KB
Sample

221205-cdpv9aeg73
MD5

77e4a19a28f6c5160614d20c7943205a
SHA1

426dd40d23eff81440a0f76c78d088157d1d9213
SHA256

8903295f79feaf9943b3d7473a0185495b14b08eba26a1c0b5e01defbbb3f6bd
SHA512

ef313357ca2b1fe7ead1a198b4a48d0d076030f5dc9f35aa1033fd9f77392f0bd1509c47369ad72435b2848c2728b4c94f4d8953fca95656daf5f4a4b55d204f
SSDEEP

6144:RGXz1T72Y0S/zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOLPECYeixlYGic1:RGD57SSmYsY1UMqMZJYSN7wbstOL8fvP

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  8903295f79feaf9943b3d7473a0185495b14b08eba26a1c0b5e01defbbb3f6bd
- Size
  
  307KB
- MD5
  
  77e4a19a28f6c5160614d20c7943205a
- SHA1
  
  426dd40d23eff81440a0f76c78d088157d1d9213
- SHA256
  
  8903295f79feaf9943b3d7473a0185495b14b08eba26a1c0b5e01defbbb3f6bd
- SHA512
  
  ef313357ca2b1fe7ead1a198b4a48d0d076030f5dc9f35aa1033fd9f77392f0bd1509c47369ad72435b2848c2728b4c94f4d8953fca95656daf5f4a4b55d204f
- SSDEEP
  
  6144:RGXz1T72Y0S/zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOLPECYeixlYGic1:RGD57SSmYsY1UMqMZJYSN7wbstOL8fvP
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan