cobaltstrike | aa6cce66952b51c94028a63ae5c405eb6a30f1ea2299009097c5d7aef9ce0833 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa6cce66952b51c94028a63ae5c405eb6a30f1ea2299009097c5d7aef9ce0833
Size

312KB
Sample

230816-dnskkagf8x
MD5

360eb01a481a2eddccde0c4ec3fe5072
SHA1

0a55fbeb1a5f7b420858e7d8e5530e850fb746ed
SHA256

aa6cce66952b51c94028a63ae5c405eb6a30f1ea2299009097c5d7aef9ce0833
SHA512

0b426252e6364e90d8ddb921c80e97ad121b4b5969c288e323192d0a6f75cadf86d76eb04cbd3103e2dff5769f9d6d467558672da59be30142c656b5ae2a5408
SSDEEP

6144:kgZiAEAO0sByNsAal3gVAWgS7/Ohwj8IsNkGMeP36a:kgZXEAO/BUdG3gVdt7K1Pki3

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.143.150.119:8000/s7lG

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)

Targets

- Target
  
  aa6cce66952b51c94028a63ae5c405eb6a30f1ea2299009097c5d7aef9ce0833
- Size
  
  312KB
- MD5
  
  360eb01a481a2eddccde0c4ec3fe5072
- SHA1
  
  0a55fbeb1a5f7b420858e7d8e5530e850fb746ed
- SHA256
  
  aa6cce66952b51c94028a63ae5c405eb6a30f1ea2299009097c5d7aef9ce0833
- SHA512
  
  0b426252e6364e90d8ddb921c80e97ad121b4b5969c288e323192d0a6f75cadf86d76eb04cbd3103e2dff5769f9d6d467558672da59be30142c656b5ae2a5408
- SSDEEP
  
  6144:kgZiAEAO0sByNsAal3gVAWgS7/Ohwj8IsNkGMeP36a:kgZXEAO/BUdG3gVdt7K1Pki3
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan