cobaltstrike | 5daf7eba91222dc5fe709b9cb029d3fb2fb24805558c1764f0babe65db03b088 | Triage

Sharing

General

Target

0712mal.exe
Size

459KB
Sample

230714-r2lk3aee62
MD5

3739f76ac7ebf903fece63e3e3f5d050
SHA1

15b0dbb36113114ecd228ec0144df097f3d51cd4
SHA256

5daf7eba91222dc5fe709b9cb029d3fb2fb24805558c1764f0babe65db03b088
SHA512

3fba50dd086c349fbdf71c185eba9010463598eff4ba345736d4227126bfd6616566111069ec55c818bd631e0ca29583b0ab10416d1680ea2647e510a63464d4
SSDEEP

12288:yogtGvb98UWYgeWYg955/155/sPV2haGwUWhI:yvGvb98GYaGwUkI

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://44.212.22.10:443/favicon2.ico

Attributes

user_agent
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)

Targets

- Target
  
  0712mal.exe
- Size
  
  459KB
- MD5
  
  3739f76ac7ebf903fece63e3e3f5d050
- SHA1
  
  15b0dbb36113114ecd228ec0144df097f3d51cd4
- SHA256
  
  5daf7eba91222dc5fe709b9cb029d3fb2fb24805558c1764f0babe65db03b088
- SHA512
  
  3fba50dd086c349fbdf71c185eba9010463598eff4ba345736d4227126bfd6616566111069ec55c818bd631e0ca29583b0ab10416d1680ea2647e510a63464d4
- SSDEEP
  
  12288:yogtGvb98UWYgeWYg955/155/sPV2haGwUWhI:yvGvb98GYaGwUkI
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan