cobaltstrike | 88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4 | Triage

Submit
Reports

Overview

overview

Static

static

88aa597508...a4.exe

windows7-x64

88aa597508...a4.exe

windows10-2004-x64

Sharing

General

Target

88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4
Size

571KB
Sample

221208-prtgtach9z
MD5

0dd4eddc02f1144a3a829b18b303ec1a
SHA1

f8a26ebf852dfd63920cdc98f44eb4e53e29f13b
SHA256

88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4
SHA512

0dda2bda39a322c6f26347b4e3e017954319d0f22bc7ea517db526da464cd7d8d024feb5d0e0ef34f6d971f6a41e73a9c7b98b0fd3d16b3cada71165e8134416
SSDEEP

6144:xrmNILc6DM/D3COXFMk2UwNNVJZc6aoFZe6+jrYGHL8742qI:ZmNI5DMD3CaFZ8NVJZc6fE6ssGHL

Score

10^/10

cobaltstrike 0 backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4.exe

Resource

win7-20221111-en

cobaltstrike 0 backdoor trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4.exe

Resource

win10v2004-20221111-en

cobaltstrike 0 backdoor trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://service-758414h5-1311271430.sh.apigw.tencentcs.com:80/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Targets

- Target
  
  88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4
- Size
  
  571KB
- MD5
  
  0dd4eddc02f1144a3a829b18b303ec1a
- SHA1
  
  f8a26ebf852dfd63920cdc98f44eb4e53e29f13b
- SHA256
  
  88aa597508cf45522711b678bb0596da0f1d16773aa7ca4504b6f2784e2a82a4
- SHA512
  
  0dda2bda39a322c6f26347b4e3e017954319d0f22bc7ea517db526da464cd7d8d024feb5d0e0ef34f6d971f6a41e73a9c7b98b0fd3d16b3cada71165e8134416
- SSDEEP
  
  6144:xrmNILc6DM/D3COXFMk2UwNNVJZc6aoFZe6+jrYGHL8742qI:ZmNI5DMD3CaFZ8NVJZc6fE6ssGHL
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cobaltstrike0backdoortrojan

behavioral2

cobaltstrike0backdoortrojan

© 2018-2024

Terms | Privacy