cobaltstrike | 6213c8ce0cd2111aa59312e96ded65bee63b59797b68b34c65a0cd3ba0b4142d | Triage

Sharing

General

Target

6213c8ce0cd2111aa59312e96ded65bee63b59797b68b34c65a0cd3ba0b4142d
Size

307KB
Sample

221205-dgb91aea3t
MD5

f1696f9dc1889b9084e307b3f0d54db9
SHA1

587468d82fe252b6c60b8500e83c9e6f9708bfcd
SHA256

6213c8ce0cd2111aa59312e96ded65bee63b59797b68b34c65a0cd3ba0b4142d
SHA512

aeedc1e2520b1e86c1ed392706e42ca460da6573d877cfae5645f2acc5491feb44512da6a285ff0f46e5945a03cc34121d2d283d8418cf1a5382b84ec2e1b543
SSDEEP

6144:K0vz8T72Y0S4zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOqPECYeixlYGicP:K0bA7SSrYsY1UMqMZJYSN7wbstOq8fvl

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Targets

- Target
  
  6213c8ce0cd2111aa59312e96ded65bee63b59797b68b34c65a0cd3ba0b4142d
- Size
  
  307KB
- MD5
  
  f1696f9dc1889b9084e307b3f0d54db9
- SHA1
  
  587468d82fe252b6c60b8500e83c9e6f9708bfcd
- SHA256
  
  6213c8ce0cd2111aa59312e96ded65bee63b59797b68b34c65a0cd3ba0b4142d
- SHA512
  
  aeedc1e2520b1e86c1ed392706e42ca460da6573d877cfae5645f2acc5491feb44512da6a285ff0f46e5945a03cc34121d2d283d8418cf1a5382b84ec2e1b543
- SSDEEP
  
  6144:K0vz8T72Y0S4zinYKTY1SQshfRPVQe1MZkIYSccr7wbstOqPECYeixlYGicP:K0bA7SSrYsY1UMqMZJYSN7wbstOq8fvl
Score

10^/10

cobaltstrike backdoor persistence trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpersistencetrojan

behavioral2

cobaltstrikebackdoortrojan