cobaltstrike | 6629f8a21829490945d20f755c2d2ee38b94d9d52f050402861c88e9e82c0361 | Triage

Sharing

General

Target

акт.xls.xlsx
Size

1.3MB
Sample

230721-jd4gzace67
MD5

842d19c29fb93a8b40f3506d4f2847c8
SHA1

665279ab4a385a58733f1abe1a105b92603c0215
SHA256

6629f8a21829490945d20f755c2d2ee38b94d9d52f050402861c88e9e82c0361
SHA512

fa689c9782e6a26eb0dd1de1bc0f090414d88b8d8afdf310203d4cb18c2d0bafed93a01c5e8db92d9fb20c1cbe0f6d1fc947c10774adcd95217fd0cc2c432ac1
SSDEEP

24576:hZywjaKe+qG5URtQYb8RrPmFUcF9V52kL:hZywjaKe+qG5URtQYb8RrPmFUcFQC

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.phod.ru/qr.png

Targets

- Target
  
  акт.xls.xlsx
- Size
  
  1.3MB
- MD5
  
  842d19c29fb93a8b40f3506d4f2847c8
- SHA1
  
  665279ab4a385a58733f1abe1a105b92603c0215
- SHA256
  
  6629f8a21829490945d20f755c2d2ee38b94d9d52f050402861c88e9e82c0361
- SHA512
  
  fa689c9782e6a26eb0dd1de1bc0f090414d88b8d8afdf310203d4cb18c2d0bafed93a01c5e8db92d9fb20c1cbe0f6d1fc947c10774adcd95217fd0cc2c432ac1
- SSDEEP
  
  24576:hZywjaKe+qG5URtQYb8RrPmFUcF9V52kL:hZywjaKe+qG5URtQYb8RrPmFUcFQC
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan