cobaltstrike | 99e01f36903b6e888ac6864d70d1d81905366c335a8c30f3bc8b941a5213c416 | Triage

Sharing

General

Target

99e01f36903b6e888ac6864d70d1d81905366c335a8c30f3bc8b941a5213c416
Size

210KB
Sample

230831-ehvcmsch94
MD5

0d67b7c6368a6b53e5109e20a372437d
SHA1

82c832c1075a655f2c2b9ad176727f4ed9be7da9
SHA256

99e01f36903b6e888ac6864d70d1d81905366c335a8c30f3bc8b941a5213c416
SHA512

74c66bbb338780e30c0e4b70910ec3d89c8790b51807b260f83997f315542fb53e156be1cc752296b64e95b8dac7451c575eb4f71c2bc74907e9a886399ab17f
SSDEEP

6144:NyrvqYOjVhZWU9iLYoS8lMSD1cJJJ655ZZoMVLf:NyrvqYmPZWiiHP

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://127.0.0.1:30027/PzNE

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  99e01f36903b6e888ac6864d70d1d81905366c335a8c30f3bc8b941a5213c416
- Size
  
  210KB
- MD5
  
  0d67b7c6368a6b53e5109e20a372437d
- SHA1
  
  82c832c1075a655f2c2b9ad176727f4ed9be7da9
- SHA256
  
  99e01f36903b6e888ac6864d70d1d81905366c335a8c30f3bc8b941a5213c416
- SHA512
  
  74c66bbb338780e30c0e4b70910ec3d89c8790b51807b260f83997f315542fb53e156be1cc752296b64e95b8dac7451c575eb4f71c2bc74907e9a886399ab17f
- SSDEEP
  
  6144:NyrvqYOjVhZWU9iLYoS8lMSD1cJJJ655ZZoMVLf:NyrvqYmPZWiiHP
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan