cobaltstrike | 7cf3379bd4c558c88f9a6e7b5aa6cda3aa9ba4289148e8ca6b0b55f378cd612e | Triage

Sharing

General

Target

ANQUAN.ps1
Size

26KB
Sample

230330-awr28aca5x
MD5

d223ac403e9ac14ae07b6edfeb018deb
SHA1

9be80a8babb8d08d07a68d5b1d0018992fe402fe
SHA256

7cf3379bd4c558c88f9a6e7b5aa6cda3aa9ba4289148e8ca6b0b55f378cd612e
SHA512

badab4bde445dd7231dc8995509c57cf4afc28d70627b1d199897f37ef59966e05f9c43d10750a439a842a463c4180d23a600fba3d6002ab77da5ca23d0b521e
SSDEEP

384:/IAUl9V5xJCdNz6etOzzodsGeE3WdbSU0jRArxJDZF6boFUUC7+v6fCUqqgCENqn:gAUjKz6r5GeW+bOoCvK/imC6YEaxP

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.136.14.33:50001/GSmV

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)

Targets

- Target
  
  ANQUAN.ps1
- Size
  
  26KB
- MD5
  
  d223ac403e9ac14ae07b6edfeb018deb
- SHA1
  
  9be80a8babb8d08d07a68d5b1d0018992fe402fe
- SHA256
  
  7cf3379bd4c558c88f9a6e7b5aa6cda3aa9ba4289148e8ca6b0b55f378cd612e
- SHA512
  
  badab4bde445dd7231dc8995509c57cf4afc28d70627b1d199897f37ef59966e05f9c43d10750a439a842a463c4180d23a600fba3d6002ab77da5ca23d0b521e
- SSDEEP
  
  384:/IAUl9V5xJCdNz6etOzzodsGeE3WdbSU0jRArxJDZF6boFUUC7+v6fCUqqgCENqn:gAUjKz6r5GeW+bOoCvK/imC6YEaxP
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan