cobaltstrike | 44a28dfa3e41cc49164e0a18962f4bb88e342bb9696f2c47d8671c32c48ae3a2 | Triage

Sharing

General

Target

bypass.exe
Size

7.5MB
Sample

230409-argexsga54
MD5

7bdcdfa406f020c75040e60d24dc4c9a
SHA1

5a8fb3885cdfaaf372266212b2598ee1c5aa7f31
SHA256

44a28dfa3e41cc49164e0a18962f4bb88e342bb9696f2c47d8671c32c48ae3a2
SHA512

ef6d2963ae207f339c57094ec1b9be67be80d1f8314f68881f01db288b09313b3911c9d634029c7e69873db7ddcc6c8d01d27be0ae082e74eaf3e47b83a1d3c7
SSDEEP

196608:wxu78K/V7TL2Vmd6+DXLZy7YM30LzajtWqpVu:Iu7L/V7TL2Vmd6m70GzajtWqb

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://38.60.31.200:522/8qiK

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)

Targets

- Target
  
  bypass.exe
- Size
  
  7.5MB
- MD5
  
  7bdcdfa406f020c75040e60d24dc4c9a
- SHA1
  
  5a8fb3885cdfaaf372266212b2598ee1c5aa7f31
- SHA256
  
  44a28dfa3e41cc49164e0a18962f4bb88e342bb9696f2c47d8671c32c48ae3a2
- SHA512
  
  ef6d2963ae207f339c57094ec1b9be67be80d1f8314f68881f01db288b09313b3911c9d634029c7e69873db7ddcc6c8d01d27be0ae082e74eaf3e47b83a1d3c7
- SSDEEP
  
  196608:wxu78K/V7TL2Vmd6+DXLZy7YM30LzajtWqpVu:Iu7L/V7TL2Vmd6m70GzajtWqb
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan