cobaltstrike | d1637967a88f046ace84c96c1ba9fba01087dd3a47f567604b572dff6b73828f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1637967a88f046ace84c96c1ba9fba01087dd3a47f567604b572dff6b73828f
Size

509KB
Sample

230504-nbj3rsdf9y
MD5

dbaca065859d7bf7bb697b0ccafc4648
SHA1

17ffec863ebbd16459c6374b9b44c32e9fceb933
SHA256

d1637967a88f046ace84c96c1ba9fba01087dd3a47f567604b572dff6b73828f
SHA512

0b7508c9e0bef1361304cad0715d66efed3b669a26e25500a15ccc1987b105b5ba56b41db740a2a656582803cd0944a35b6c3998fae7b099d77c63a5bad93763
SSDEEP

12288:ehqxSLo5C1Ps4Xh+NX+tW98W3qm6zq8AXuETktXT:eHLmCiIh4ITu8DCkF

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.99.182.25:7025/3vEo

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

Targets

- Target
  
  d1637967a88f046ace84c96c1ba9fba01087dd3a47f567604b572dff6b73828f
- Size
  
  509KB
- MD5
  
  dbaca065859d7bf7bb697b0ccafc4648
- SHA1
  
  17ffec863ebbd16459c6374b9b44c32e9fceb933
- SHA256
  
  d1637967a88f046ace84c96c1ba9fba01087dd3a47f567604b572dff6b73828f
- SHA512
  
  0b7508c9e0bef1361304cad0715d66efed3b669a26e25500a15ccc1987b105b5ba56b41db740a2a656582803cd0944a35b6c3998fae7b099d77c63a5bad93763
- SSDEEP
  
  12288:ehqxSLo5C1Ps4Xh+NX+tW98W3qm6zq8AXuETktXT:eHLmCiIh4ITu8DCkF
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2