cobaltstrike | 0a22b3cc61f95750df85f0abec5ca0d0d9e917c1924b4003e3c58a1e17148847 | Triage

Sharing

General

Target

qbot.zip
Size

227KB
Sample

221205-kaaadsbf39
MD5

131c323cf551fb9906cef1f971650d08
SHA1

9b005de50670f7c361f96ef69cc78b42e8ccad1e
SHA256

0a22b3cc61f95750df85f0abec5ca0d0d9e917c1924b4003e3c58a1e17148847
SHA512

74d7acfb955c7eb474b8e3c4303b9e8a943e5c75188eddd532cac4d5e98a83917c9b993beab3262d30cfd32a57eb31a906b29396366475611d67cc754cdb78e6
SSDEEP

6144:Rdn0BvsUWkMhlN9scyXZ2sUzkvUuqiYHMRl4YtJ9:REvGkCXa2suGqFEB

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  Attachment.iso
- Size
  
  822KB
- MD5
  
  1ff6225f783595cf3a0c11720fa945d8
- SHA1
  
  4d71522a9cbf2f050f1b369f18351f6eec89b46e
- SHA256
  
  d0d1b77c34afe7bec255227fc946e32890e7f6abff67e913d7ef4ea5e33efacb
- SHA512
  
  3074e2212e10ac32b5bee3eca1ce9b324a85c5866b24c0086838b5ce336c380276f0616befe6c0c10d9cbdd1c95ed9c6de5eb3f3101d4f91cccb890f74b7b669
- SSDEEP
  
  12288:3hU0sdb34MkPGI4MpPBrCi1y05XlXNgLZRwUm14nY:vpki13jgLZRwUm1v
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
- Drops startup file
behavioral1
- Target
  
  8969122ef3485d.log
- Size
  
  23KB
- MD5
  
  914dd9891afe574b611e2e38a162ae1f
- SHA1
  
  ad4c9126bcf2e534cd355107c301d01832889610
- SHA256
  
  304d6a87f624d74df2bf37c458b2f06c525aad947886413befac892c1d89a394
- SHA512
  
  33a70a75e956bcdb70c22b27c2f3044d6c527e3a10446cb6654431ecfbe326d69631b8ad61bb8f8bc8399f6122bdc229dfc01a607cec38587d39dccc67dd902c
- SSDEEP
  
  384:k6dBkkPyac1Vzzgq2wjvulFcagjATRdMa5oE4BW2d4yvnR:/bXPY1VzzgOecag0DMaclDfR
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
behavioral2
- Target
  
  8969122ef3485df.log
- Size
  
  420KB
- MD5
  
  06b8feae2c9d9f2940cb9dca40d553c3
- SHA1
  
  b246ed8055ad9e7bb760795e054224d406ec8a20
- SHA256
  
  93b0f19011468a4864c114bcbcfc55f460e2c789b14ea893c26ce450d3c21a9e
- SHA512
  
  d0285b2a638ff76fe846f41118c7e6e2ac741ab071ec63432fc8406b181ebf187c0d77f45740eb26a193f348b15db478a7d6c96c6f92df6a7464b46c9a3f6818
- SSDEEP
  
  12288:hhU0sdb34MkPGI4MpPBrCi1y05XlXNgLZRwUmm:tpki13jgLZRwUmm
Score

8^/10
- Blocklisted process makes network request
behavioral3
- Target
  
  Attachment.lnk
- Size
  
  2KB
- MD5
  
  4f86eb0c1fac722e4c7b4f6f089bd127
- SHA1
  
  9d459b6ebc01d6e937785e1e118000bebdd3f700
- SHA256
  
  89a1a6cb000a66b841ad26a8d0d5af507cc17efc00a109d61d52a65caa4cef43
- SHA512
  
  c8f1d53629d14ddbe84b6878104a773e7a1bd8da47ab2b3d5ac04955916978bd79db0a9c3a94652889580344cf21416d7791b2982afeb7da5839ce33c7cc76a0
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
behavioral4
- Target
  
  document.pdf
- Size
  
  10KB
- MD5
  
  8a7cadbe3c40344007c5334b41f0e8cf
- SHA1
  
  fbc916f065157cc5a13f22453c19f7dfecc3c228
- SHA256
  
  3902e1734b1d0187d3404dafa4616212342630cb46913242060f485e58201a75
- SHA512
  
  8c5e0d7a938ac13537041335d5ea185e83e025b6da138c0c3c49794825e873a52c048b08579711a888bae6e9fedc03996dbb5a2696844bb5335b8f96017dcbdb
- SSDEEP
  
  192:GWY3Ro9kPRzjVap5F5rBfHOHAo9u8wGW1/Pgk/pDqX1TX5DESqyuZnZgprCZ5npK:GWaHhjVsHmAocZd1/f/pO1VDULERCZ58
Score

1^/10
behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrike0backdoortrojan

behavioral2

behavioral3

behavioral4

behavioral5