cobaltstrike | a739bfc352eb1733c5c19a50a8f2f2a49f61491e11ef6114f2dd104a0afe9497 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a739bfc352eb1733c5c19a50a8f2f2a49f61491e11ef6114f2dd104a0afe9497
Size

194KB
Sample

230826-yxm2nada68
MD5

aab912e42641f0d36cd3040879a256ca
SHA1

ea34bda045bf2248d42716436cd1dcfc9f44cabf
SHA256

a739bfc352eb1733c5c19a50a8f2f2a49f61491e11ef6114f2dd104a0afe9497
SHA512

80536e4dfee3cf12a452107d9e8e235f3774278e97ca2ea7469b8ef1a39f5cb77b75a6a2e881426d8acc1e8df9f5c45972f934eeeea244625bb771c16324cb75
SSDEEP

3072:uDMiTF37SlvetF7cqxMx4YunRPv6n73KWL3xY:uDMiEg7cqnnI73q

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://service-hh51s5hm-1253795072.gz.apigw.tencentcs.com:443/api/auth/poral/log1

Attributes

user_agent
Connection: close Accept: */* Referer: http://www.baidu.com/ Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36

Targets

- Target
  
  a739bfc352eb1733c5c19a50a8f2f2a49f61491e11ef6114f2dd104a0afe9497
- Size
  
  194KB
- MD5
  
  aab912e42641f0d36cd3040879a256ca
- SHA1
  
  ea34bda045bf2248d42716436cd1dcfc9f44cabf
- SHA256
  
  a739bfc352eb1733c5c19a50a8f2f2a49f61491e11ef6114f2dd104a0afe9497
- SHA512
  
  80536e4dfee3cf12a452107d9e8e235f3774278e97ca2ea7469b8ef1a39f5cb77b75a6a2e881426d8acc1e8df9f5c45972f934eeeea244625bb771c16324cb75
- SSDEEP
  
  3072:uDMiTF37SlvetF7cqxMx4YunRPv6n73KWL3xY:uDMiEg7cqnnI73q
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan