cobaltstrike | c528e31aad8e88e0997d48c74b58014a02848dd897c5b17e8c806163992acd30 | Triage

Sharing

General

Target

P2.dll
Size

121KB
Sample

231011-p9zfsaha6s
MD5

cc69a31a067b62dda5f2076f8ee335e1
SHA1

7efb9b1f96810c195ad7976f86c8051c16faac8a
SHA256

c528e31aad8e88e0997d48c74b58014a02848dd897c5b17e8c806163992acd30
SHA512

21a61c4554240dc047a24d0dda263ff4ff4b9c307c1e7be850077240d9464cbab7af8dfafdc5bf191f570f77745360aef32a1d0b0862c05ae0e9e9d835ad0e2e
SSDEEP

3072:vNvdT8s5z+zW+EwiHdozduv2aureni7UygKmUXhkejTs59oY:vTv58Whw02duv2Ki7UqdTTQoY

Score

10^/10

cobaltstrike backdoor spyware stealer trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://clouditsoft.com:8008/static-directory/mg.jpg

Attributes

user_agent
Host: clouditsoft.com Connection: close Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Targets

- Target
  
  P2.dll
- Size
  
  121KB
- MD5
  
  cc69a31a067b62dda5f2076f8ee335e1
- SHA1
  
  7efb9b1f96810c195ad7976f86c8051c16faac8a
- SHA256
  
  c528e31aad8e88e0997d48c74b58014a02848dd897c5b17e8c806163992acd30
- SHA512
  
  21a61c4554240dc047a24d0dda263ff4ff4b9c307c1e7be850077240d9464cbab7af8dfafdc5bf191f570f77745360aef32a1d0b0862c05ae0e9e9d835ad0e2e
- SSDEEP
  
  3072:vNvdT8s5z+zW+EwiHdozduv2aureni7UygKmUXhkejTs59oY:vTv58Whw02duv2Ki7UqdTTQoY
Score

10^/10

cobaltstrike backdoor trojan spyware stealer
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoorspywarestealertrojan