cobaltstrike | 33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768 | Triage

Sharing

General

Target

33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768
Size

26KB
Sample

230329-hea2dagg3x
MD5

c9ebd0d057c99b70ba8e955a0f51f72f
SHA1

ee2323f856b397a7c0ce1feb6677152376e96da5
SHA256

33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768
SHA512

c8a1b27243b3526acd38052639574a201f82d96dca2c5a3e753d05c75dc5d21a7984cc66bcda04ea27199e846359695c118ba7cf2162d4ca95cc569147bb7d74
SSDEEP

384:pIAUl9V5xJCdNz6etOzzodsGeE3WdbSU0jRArxJDZF6boFUUC7+v6fCUqqgCENqn:uAUjKz6r5GeW+bOoCvK/imC6YEaxP

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.136.14.33:50001/GSmV

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)

Targets

- Target
  
  33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768
- Size
  
  26KB
- MD5
  
  c9ebd0d057c99b70ba8e955a0f51f72f
- SHA1
  
  ee2323f856b397a7c0ce1feb6677152376e96da5
- SHA256
  
  33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768
- SHA512
  
  c8a1b27243b3526acd38052639574a201f82d96dca2c5a3e753d05c75dc5d21a7984cc66bcda04ea27199e846359695c118ba7cf2162d4ca95cc569147bb7d74
- SSDEEP
  
  384:pIAUl9V5xJCdNz6etOzzodsGeE3WdbSU0jRArxJDZF6boFUUC7+v6fCUqqgCENqn:uAUjKz6r5GeW+bOoCvK/imC6YEaxP
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan