cobaltstrike | c1d4c69433dac5faf2886a5a1f8b1a55295d28ce7fde2451de7c3d0f19f5fc97 | Triage

Resubmissions

09-12-2022 19:51

221209-yksrdagh9y 10

Sharing

General

Target

DMCA-Report-49123ce083506.iso
Size

854KB
Sample

221209-yksrdagh9y
MD5

eb793e5813c086e034090926efc7a8a6
SHA1

f11709b0495fadcdca8f13016022c3245c7c9cd0
SHA256

c1d4c69433dac5faf2886a5a1f8b1a55295d28ce7fde2451de7c3d0f19f5fc97
SHA512

9b1aba19d49eb2ac74d6e37c5caa10006f83f1f93f65d33dbed78837b94af21ebd8e1454c1be63accdc5646b27ceaa1145a176cc2d542d36a9a8c2eb61eb2c19
SSDEEP

12288:UAV3T28nmgMkPGI4MpPBrCi1g05XlSTPN5MhW0u4nY:UcTNnmspki1hGMhW0uv

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Targets

- Target
  
  DMCA-Report-49123ce083506.iso
- Size
  
  854KB
- MD5
  
  eb793e5813c086e034090926efc7a8a6
- SHA1
  
  f11709b0495fadcdca8f13016022c3245c7c9cd0
- SHA256
  
  c1d4c69433dac5faf2886a5a1f8b1a55295d28ce7fde2451de7c3d0f19f5fc97
- SHA512
  
  9b1aba19d49eb2ac74d6e37c5caa10006f83f1f93f65d33dbed78837b94af21ebd8e1454c1be63accdc5646b27ceaa1145a176cc2d542d36a9a8c2eb61eb2c19
- SSDEEP
  
  12288:UAV3T28nmgMkPGI4MpPBrCi1g05XlSTPN5MhW0u4nY:UcTNnmspki1hGMhW0uv
Score

3^/10
behavioral1 behavioral2
- Target
  
  DMCA-Report.lnk
- Size
  
  2KB
- MD5
  
  cef2cea722a30c7b8aea74de9713478b
- SHA1
  
  2a3bd7dac736e4c469742c4e974deebe66a3d123
- SHA256
  
  7ffbeb1df7b0dcb06ddc0e54b7e06b338bf4901461022b0af7fe4b97d12ab4ef
- SHA512
  
  de6eda4537b7a1d710630d55f1c9b50ffb5e694539b93722582b0b8516f0e1eb49344cdd494b6bb5fdc071383ca5813fc74587d76bd00eec802a21729df5e3c1
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  wnjvejahaimreqt.log
- Size
  
  442KB
- MD5
  
  eeccb5f802dbc544e0b1031c0c6eda5d
- SHA1
  
  910e73ebafc8b9aa64086e7af85dc4602f5d5b81
- SHA256
  
  7cdf0263c3ce42e3ff3ea3c0a376e1aa1b0340dfc1e373f3c765a51a3a639be8
- SHA512
  
  94e5a372635db23de73a33140476dd4763142933b954c4bb40f9c64d5a9f0c4a899a47ec5ee649cb99b8a0d20bd89f38deb3f6cce6a3a8ca8cbb1fc1ae2836ae
- SSDEEP
  
  12288:kAV3T28nmgMkPGI4MpPBrCi1g05XlSTPg:kcTNnmspki1hx
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  xqdxcxlgtxeesj.log
- Size
  
  33KB
- MD5
  
  ebdef2e192804365d406919f2e81594d
- SHA1
  
  6d8e32a37b3fd5d8317a75d13818c3196403623c
- SHA256
  
  5799028ec3ad388e031fc42cd0fb5443a5a5e0a7e3e57c895a3f9e4ce4c2e9ee
- SHA512
  
  3e623337785dbb00b282072019a994db0c375d952348d8aa454475567dabc692e2a9a6d2b090052d3cfac113c15ca570ae5a61617e86eaa4c367c697bab5677e
- SSDEEP
  
  768:P4Q7iCTMHSTlesS9GQ5S234CdOLVvOdv4XD0305wXoUld07cxf:P4QrbUXZIgMZ/W05coUlC78f
Score

1^/10
behavioral7 behavioral8
- Target
  
  zvdcoglidj.pdf
- Size
  
  10KB
- MD5
  
  8a7cadbe3c40344007c5334b41f0e8cf
- SHA1
  
  fbc916f065157cc5a13f22453c19f7dfecc3c228
- SHA256
  
  3902e1734b1d0187d3404dafa4616212342630cb46913242060f485e58201a75
- SHA512
  
  8c5e0d7a938ac13537041335d5ea185e83e025b6da138c0c3c49794825e873a52c048b08579711a888bae6e9fedc03996dbb5a2696844bb5335b8f96017dcbdb
- SSDEEP
  
  192:GWY3Ro9kPRzjVap5F5rBfHOHAo9u8wGW1/Pgk/pDqX1TX5DESqyuZnZgprCZ5npK:GWaHhjVsHmAocZd1/f/pO1VDULERCZ58
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

cobaltstrikebackdoortrojan

behavioral7

behavioral8

behavioral9

behavioral10