Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://is.gd/128mcy

windows10-2004-x64

10

Resubmissions

01/08/2023, 07:50

230801-jpkh8sfd8s 9

01/08/2023, 07:48

230801-jngqysfd61 6

01/08/2023, 07:40

230801-jh1lwafd4w 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://is.gd/128mcy

  • Sample

    230801-jh1lwafd4w

Score
10/10
cobaltstrikebackdoorbootkitcoreentitypersistencespywarestealertrojan

Malware Config

Targets

    • Target

      https://is.gd/128mcy

    Score
    10/10
    cobaltstrikebackdoorbootkitcoreentitypersistencespywarestealertrojan

    • Cobalt Strike reflective loader

      Detects the reflective loader used by Cobalt Strike.

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • Creates new service(s)

      persistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks