cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

Downloads.rar
Size

3.7MB
Sample

230324-ktv17sdc35
MD5

d4e6468b79193aad1f568b838eebb2d8
SHA1

03d2719ddcafdfe85792e12be873d45a6da1e099
SHA256

ee17c806a1c41f64ab9b68bbdab802c06a9da8890afb5cea2f66b544b88eaed9
SHA512

54e04338b7eb45107987de70d2fe4cf2270c972dc7a4dbfea40eb0e5f4783e7dc489e680ed5197c3b6ff25d97bd5c0c08be552560525415ca63bb014f49ffc06
SSDEEP

98304:rTPHN6D+geA1R7jXBNrJs8LHPGEqRHZbid1S9Yl9Ca:HNPgeA11F5/GH809Y1

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

http://cdn.saicfinance.work:80/ipv6

Attributes

user_agent
Host: cdn.saicfinance.work Accept: text/h.life,application/xh.life+.life,application/.life;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20200105 Firefox/36.0

Extracted

Family

cobaltstrike

Botnet

100000000

http://cdn.saicfinance.work:80/apiv4

Attributes

access_type
512
host
cdn.saicfinance.work,/apiv4
http_header1
AAAABwAAAAAAAAAPAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2gubGlmZQAAABAAAAAaSG9zdDogY2RuLnNhaWNmaW5hbmNlLndvcmsAAAAHAAAAAAAAAAUAAAACaWQAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
12800
polling_time
45000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCO6EIffMQtWjT4Pe9NlKL7VvmzePwEEnTujvjo5RN1AyiJltvQEX7CAVF91yEpQDKbdWTN4DiiyCrAMKCy8TWu4TlYKGKnTtF8UzZcQaHJzquzlNGZduJaVdvnNVI2WpEey+0OqsFf4RM3TkkQGejWOvaTIOfiDGuWhzn6kdTA6wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.69766144e+08
unknown2
AAAABAAAAAIAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/apiv6
user_agent
Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20200105 Firefox/36.0
watermark
100000000

Extracted

Family

cobaltstrike

Botnet

100000

http://image.shop.10010.com:443/mall_100_100.html

Attributes

access_type
512
beacon_type
2048
host
image.shop.10010.com,/mall_100_100.html
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAAj0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC45AAAACgAAABxVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxAAAACgAAABpSZWZlcmVyOiBodHRwczovLzEwMDg2LmNuLwAAAAcAAAAAAAAADQAAAAIAAAAFQU5JRD0AAAACAAAAGV9fU2VjdXJlLTNQQVBJU0lEPW5vc2tpbjsAAAABAAAAIztDT05TRU5UPVlFUytDTi56aC1DTisyMDIxMDkxNy0wOS0wAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAD5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZDsgY2hhcnNldD1VVEYtOAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAMFJlZmVyZXI6IGh0dHBzOi8vc2hvcC4xMDA4Ni5jbi9tYWxsXzEwMF8xMDAuaHRtbAAAAAcAAAAAAAAADQAAAAUAAAAIX19mb3JtaWQAAAAJAAAAFHNyY2hmcm9tPW5SS2p4elpSUnh4AAAACQAAABJmaWVsZG5hbWU9Q3pMdUV4S2wAAAAJAAAAFHNlYXJjaHNvcnRpZD1NYnpTRW5CAAAABwAAAAEAAAANAAAAAgAAACphaWRfPTUyMjAwNTcwNSZhY2N2ZXI9MSZzaG93dHlwZT1lbWJlZCZ1YT0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
30000
port_number
443
sc_process32
%windir%\syswow64\runonce.exe
sc_process64
%windir%\sysnative\runonce.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCf6fXQZp2dX7ZR50qOVSD5fLQRYS6gu44RAt3qH16LrAf9BPABjSV1aO5P+QiZnrDf59QMUR+bVpV6RD3vogMuuBC5w/FkPRjdB/PoEiqvBzqfEl0LJZDrujPA+jrPbpef2Md1eSSov/YsYWAUBjE80sWJXSPPTvEZ9VWeRqKSPQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.03243264e+08
unknown2
AAAABAAAAAEAAAglAAAAAgAACCUAAAACAAACyAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/ajax/recharge/recharge.json
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
watermark
100000

Extracted

Family

cobaltstrike

Botnet

666666

http://43.143.225.146:8443/level/v5.7/AZF0ZH83YKV

Attributes

access_type
512
beacon_type
2048
host
43.143.225.146,/level/v5.7/AZF0ZH83YKV
http_header1
AAAACgAAACxBY2NlcHQ6IGltYWdlLyosIGFwcGxpY2F0aW9uL2pzb24sIHRleHQvaHRtbAAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiByby1tZAAAAAoAAAAfQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eSwgZ3ppcAAAAAcAAAAAAAAADwAAAAsAAAACAAAAJDlZX0dZQlBXNVNTU1FZNVFZSUNXTDdTMVpKOU1VTFdBVjE0PQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAADFBY2NlcHQ6IHRleHQvaHRtbCwgYXBwbGljYXRpb24veGh0bWwreG1sLCBpbWFnZS8qAAAACgAAABNBY2NlcHQtTGFuZ3VhZ2U6IGJlAAAACgAAABxBY2NlcHQtRW5jb2Rpbmc6ICosIGNvbXByZXNzAAAABwAAAAAAAAAPAAAADQAAAAUAAAAJX05QSFZUVkVaAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
8704
polling_time
63580
port_number
8443
sc_process32
%windir%\syswow64\getmac.exe /V
sc_process64
%windir%\sysnative\systray.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC53EG450Ux+rh7A05/O3iLUyU7CVL1EdIDVu98Sx0RIOam+KhO+TQPZ27BfnYKRCivOu0kxd6A+2eI4PMO4M17etouh/qiRyb2csLTbLWMO5p2AmGCFMaEsm7ZkuCtw1SIb72SbhCAWZCwug9MHsoddP+uDk/GzLZuB1BUJ8MLWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.241980928e+09
unknown2
AAAABAAAAAEAAAOhAAAAAgAAA6EAAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/sub/developement/ZPC8QJVNZBY
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
watermark
666666

Targets

- Target
  
  Downloads/56b5116db18b2599a5ea7f3b2302c709.exe.vir
- Size
  
  173KB
- MD5
  
  56b5116db18b2599a5ea7f3b2302c709
- SHA1
  
  641fa306e7d24ad9707e83da3707ad64ff3a8827
- SHA256
  
  7431909215372f740ab3a69fbbb2ddf7b4210821077473245dbc64e3349f01eb
- SHA512
  
  7f36c53e2e56d69a7af05d0794ccce1f7739adf4a3c6ee8bb23046b0bf065d42defddfdf7ec33135a8a2ca027fed6cadf75d4d31b60b5b56e1f09ade71a6abf0
- SSDEEP
  
  1536:3gNT3uhCO68kX/ZmLUUvYHvLBS9EBztlU23a5A14zYssWHds9dlbjB+hbbxHkk:QNT33RVhHv1gcplU23a44cgE+hb5x
Score

1^/10
behavioral1 behavioral2
- Target
  
  Downloads/5a45119a2603b6ad08c7f5e44e9588d3.exe.vir
- Size
  
  2.7MB
- MD5
  
  5a45119a2603b6ad08c7f5e44e9588d3
- SHA1
  
  7080c0b1a53f1fcb6956d9371c35128b3970b6f6
- SHA256
  
  b754c2a3e43df57d3d578ba9dc9ffdb8be7055fc925212d94f408fdcc6559f7c
- SHA512
  
  2e5c074e83a6cf5e20742f2dea3b047e826b600b7b0f4f772f5e8c0793b026b9a928d959398732bd943a97bc349602a27436c678ae99f7db1c4677912ca24914
- SSDEEP
  
  49152:xb6HZxDZq7j3j4mjqeQiUzmdvWyulHIo7sNMl4sqQPiO8eeyfW/hRbS:56HZxDZq7j3j4mOemlH2MVO/hR
Score

1^/10
behavioral3 behavioral4
- Target
  
  Downloads/7880a7beae205f43c9f2155785b7959e.exe.vir
- Size
  
  512KB
- MD5
  
  7880a7beae205f43c9f2155785b7959e
- SHA1
  
  10db7bfee04e2e7ecded0349f1caa169349f435a
- SHA256
  
  9b2b7f78b09504e244fa739d42c5a25e3e46171546ff973ac7179b11e66f3f75
- SHA512
  
  5a23b5501e16898a56017073901c7ef16497eca0b5787f736a1792646559c8626fa27746a0bc50ef6a30bf682c3eefa6c7c93b998a5542460e46da6e645df3d1
- SSDEEP
  
  3072:+ysn55wQ75zDUMqskcS2lxMtQpVpe9cEpt6kKdB:jaXL5fUjsrLlejcEptXA
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral5 behavioral6
- Target
  
  Downloads/c620d1f1f0d646823126ac3f36c5a780.exe.vir
- Size
  
  6.0MB
- MD5
  
  c620d1f1f0d646823126ac3f36c5a780
- SHA1
  
  4d223a430bc46a7f1d593157a72cdebd6b81ca25
- SHA256
  
  d71ceb1d1942fdbb2183e090a04f1e47c91b712b6b270eb97dae68b5108b1179
- SHA512
  
  2478712aefd2668b1790dec287e10366051f0fc65379916233ff3bf0b2199f60e70c3f2cfe097557f6a7dfa6ef0dc05f5584f2df1cf0d83b91f54d1ca47578b4
- SSDEEP
  
  49152:XOsUVz23udrb/TovO90d7HjmAFd4A64nsfJ4WBtcdRZAaruMzvG5EEmr1SZAtMuq:V3uWRTh8uREj7+6Qi
Score

10^/10

cobaltstrike 100000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral7 behavioral8
- Target
  
  Downloads/cde34053c215372ba47c1c8fbd6b25a7.exe.vir
- Size
  
  586KB
- MD5
  
  cde34053c215372ba47c1c8fbd6b25a7
- SHA1
  
  6958eea76c1097ef9c205e734c4baf93b0f47e04
- SHA256
  
  c243a13a3604d8c29d04b46eebbbd590f1d5b1d39ae5be93f800763a5a592a6e
- SHA512
  
  f6e018d9454c206a6b3449d4a6162c59c21cef8a832270b66b6a125e5bd1dca2f1048e0e85b4da594403b9c2218908d42f61d7593aa79f009486b7f927a77f14
- SSDEEP
  
  12288:/k5L2FqPvuuuuuuuuuz95QRuLtH/J2IW+xItN7dmqJCt4I3U:/2yQPK3COHEvhVaK/
Score

10^/10

cobaltstrike 666666 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  Downloads/fff09f45a81ce93c0a01f7bc9221aaa6.exe.vir
- Size
  
  1.4MB
- MD5
  
  fff09f45a81ce93c0a01f7bc9221aaa6
- SHA1
  
  42fc66089592cab97b7495926ca085dedccb3437
- SHA256
  
  4b74cd402144dc41603c2fb941ad2ea329dc1c3d7382c7e1dc1defbe1680539d
- SHA512
  
  766d201984e26b85c1771fbe3d51f3836547ff61159d711d768ad2919182ac35ddce982f4d31a071caac93c36ea37a61c5e1a35f9b55a1b98850ad0e2f543df1
- SSDEEP
  
  24576:H8eRJsRzlFh6tglyaNRX4OCrjihoaYg+/2O12D1n:H8eROlFhIglX/HYg+z2D1
Score

10^/10

cobaltstrike 100000000 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Cobaltstrike

Cobaltstrike

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Cobaltstrike

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12