cobaltstrike

Resubmissions

23-03-2023 20:01

230323-yrh6hshg96 1

23-03-2023 19:51

230323-yk9d5ahg74 10

Sharing

Copy URL

Twitter E-mail

General

Target

http://198.148.118.129
Sample

230323-yk9d5ahg74

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

http://naporiz.com:443/image-directory/admin.gif

Attributes

user_agent
Host: taobao.com Connection: close Accept: */* Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Extracted

Language

ps1

Source

URLs

exe.dropper

http://64.44.102.190/ngrok.zip

exe.dropper

http://nssm.cc/release/nssm-2.24.zip

Targets

- Target
  
  http://198.148.118.129
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1