Overview

overview

10

Static

static

10

payload_1.ps1

windows7-x64

10

payload_1.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payload_1.ps1

  • Size

    3KB

  • Sample

    230406-2wpewahe3w

  • MD5

    7289408b9b66d927f94012ccc7c9e97f

  • SHA1

    59f77a73a599f8d0b309a21bd3c8957f88d93a47

  • SHA256

    7184b3f7a03f954afff9d967a7b6d0656f1b04a47ab39af495d373fc0f37c5b5

  • SHA512

    0b07bf2d80e2dd08c7ef94ee091fd241cbbadc3fdc000b148c2e0c0f54a158c758ad8431238991a5680b9ccd0769be97417b6b3378a95d4b09fceda5e539bfbe

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://81.68.103.253:88/INPv

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

Targets

    • Target

      payload_1.ps1

    • Size

      3KB

    • MD5

      7289408b9b66d927f94012ccc7c9e97f

    • SHA1

      59f77a73a599f8d0b309a21bd3c8957f88d93a47

    • SHA256

      7184b3f7a03f954afff9d967a7b6d0656f1b04a47ab39af495d373fc0f37c5b5

    • SHA512

      0b07bf2d80e2dd08c7ef94ee091fd241cbbadc3fdc000b148c2e0c0f54a158c758ad8431238991a5680b9ccd0769be97417b6b3378a95d4b09fceda5e539bfbe

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks