cobaltstrike | 781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543 | Triage

Sharing

General

Target

beacon.ps1
Size

3KB
Sample

230313-srbhsaah87
MD5

a73f8c819df8a95eec32baad67e8c4ff
SHA1

7337b79dca14f203b6951155fe0dd08c5267f101
SHA256

781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543
SHA512

e545ed699fccaa394f711d01010395135418e4daa97795b1f6f4289df50067ef09e755161b4b375ef942600c9625cdb793b9258fe39ef0a67c1939b941e499c1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://27.122.56.137:443/components/remove.gif

Attributes

user_agent
Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36

Targets

- Target
  
  beacon.ps1
- Size
  
  3KB
- MD5
  
  a73f8c819df8a95eec32baad67e8c4ff
- SHA1
  
  7337b79dca14f203b6951155fe0dd08c5267f101
- SHA256
  
  781bae13816d6f8097225b3af9dd3abdec0d40203c28d1b5ca916b3857fb0543
- SHA512
  
  e545ed699fccaa394f711d01010395135418e4daa97795b1f6f4289df50067ef09e755161b4b375ef942600c9625cdb793b9258fe39ef0a67c1939b941e499c1
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan