cobaltstrike | 08652d415a6b8f788a0e4914b3517c81fc49ef1be964548e00b92067fa66b702 | Triage

Sharing

General

Target

lsass.exe
Size

2.8MB
Sample

230813-n5gjqsdf6w
MD5

a832cc87a6c0c80ee12adddebd1dbf2d
SHA1

51b5f69421c4e5d57602f6b7dbc31ac1fed8010e
SHA256

08652d415a6b8f788a0e4914b3517c81fc49ef1be964548e00b92067fa66b702
SHA512

2e9d96d474eca87e8897ca021c6e6ea0da3ebb66ce9f0cee02c72525a9234546a116ce90cac807b4e5928308e013f92ba5f87e64e2e501d6f393aa8951b80b61
SSDEEP

49152:zYZKdX+/IwlGW3b96tAtUpQw2D11j3gMebfM2+CJhQgrCg07p5vIMa:vAx3bkGqpQnEU3If

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://bba.ccb.com.cdn.dnsv1.com.cn:443/static/skin/js/jquery-3.3.1.min.js

Attributes

access_type
512
host
bba.ccb.com.cdn.dnsv1.com.cn,/static/skin/js/jquery-3.3.1.min.js
http_header1
aWR2eVVhTURLdWJXVzRUTDNpUGpCdz09AAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
2048
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/static/skin/js/jquery-3.3.2.min.js
watermark
0

Targets

- Target
  
  lsass.exe
- Size
  
  2.8MB
- MD5
  
  a832cc87a6c0c80ee12adddebd1dbf2d
- SHA1
  
  51b5f69421c4e5d57602f6b7dbc31ac1fed8010e
- SHA256
  
  08652d415a6b8f788a0e4914b3517c81fc49ef1be964548e00b92067fa66b702
- SHA512
  
  2e9d96d474eca87e8897ca021c6e6ea0da3ebb66ce9f0cee02c72525a9234546a116ce90cac807b4e5928308e013f92ba5f87e64e2e501d6f393aa8951b80b61
- SSDEEP
  
  49152:zYZKdX+/IwlGW3b96tAtUpQw2D11j3gMebfM2+CJhQgrCg07p5vIMa:vAx3bkGqpQnEU3If
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrike0backdoortrojan

behavioral2

cobaltstrike0backdoortrojan

behavioral3

cobaltstrike0backdoortrojan