General

  • Target

    3c0c29e603bddaa2a2909be38e18a21846b96d816475ab471d1b7ddce374d8c7

  • Size

    2.7MB

  • Sample

    230828-frjsyaaa6y

  • MD5

    3f949ff5e9ff136c8e676bbd280c7be7

  • SHA1

    16ce8d31bd5366ef32ea4a2bf81030acf5fa7e15

  • SHA256

    3c0c29e603bddaa2a2909be38e18a21846b96d816475ab471d1b7ddce374d8c7

  • SHA512

    863a299326bc0d9d6efd874448712ea340effaf8cff33f0474f6669153ad9787dd0cc002d0d44849482df676e583060792d8045d484f18a3d3f9376262580145

  • SSDEEP

    49152:Z56FaD30nrb/TKvO90d7HjmAFd4A64nsfJksChygALNGLo6D1:x30j

Malware Config

Extracted

Family

cobaltstrike

C2

http://service-hh51s5hm-1253795072.gz.apigw.tencentcs.com:443/api/auth/poral/log1

Attributes

  • user_agent

    Connection: close
    Accept: */*
    Referer: http://www.baidu.com/
    Accept-Language: en-US,en;q=0.5
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36

Targets

    • Target

      3c0c29e603bddaa2a2909be38e18a21846b96d816475ab471d1b7ddce374d8c7

    • Size

      2.7MB

    • MD5

      3f949ff5e9ff136c8e676bbd280c7be7

    • SHA1

      16ce8d31bd5366ef32ea4a2bf81030acf5fa7e15

    • SHA256

      3c0c29e603bddaa2a2909be38e18a21846b96d816475ab471d1b7ddce374d8c7

    • SHA512

      863a299326bc0d9d6efd874448712ea340effaf8cff33f0474f6669153ad9787dd0cc002d0d44849482df676e583060792d8045d484f18a3d3f9376262580145

    • SSDEEP

      49152:Z56FaD30nrb/TKvO90d7HjmAFd4A64nsfJksChygALNGLo6D1:x30j

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15