Overview

overview

10

Static

static

3

P2.dll

windows7-x64

10

P2.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    P2.dll

  • Size

    121KB

  • Sample

    231011-p9zfsaha6s

  • MD5

    cc69a31a067b62dda5f2076f8ee335e1

  • SHA1

    7efb9b1f96810c195ad7976f86c8051c16faac8a

  • SHA256

    c528e31aad8e88e0997d48c74b58014a02848dd897c5b17e8c806163992acd30

  • SHA512

    21a61c4554240dc047a24d0dda263ff4ff4b9c307c1e7be850077240d9464cbab7af8dfafdc5bf191f570f77745360aef32a1d0b0862c05ae0e9e9d835ad0e2e

  • SSDEEP

    3072:vNvdT8s5z+zW+EwiHdozduv2aureni7UygKmUXhkejTs59oY:vTv58Whw02duv2Ki7UqdTTQoY

Score
10/10
cobaltstrikebackdoorspywarestealertrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://clouditsoft.com:8008/static-directory/mg.jpg

Attributes
  • user_agent

    Host: clouditsoft.com Connection: close Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Targets

    • Target

      P2.dll

    • Size

      121KB

    • MD5

      cc69a31a067b62dda5f2076f8ee335e1

    • SHA1

      7efb9b1f96810c195ad7976f86c8051c16faac8a

    • SHA256

      c528e31aad8e88e0997d48c74b58014a02848dd897c5b17e8c806163992acd30

    • SHA512

      21a61c4554240dc047a24d0dda263ff4ff4b9c307c1e7be850077240d9464cbab7af8dfafdc5bf191f570f77745360aef32a1d0b0862c05ae0e9e9d835ad0e2e

    • SSDEEP

      3072:vNvdT8s5z+zW+EwiHdozduv2aureni7UygKmUXhkejTs59oY:vTv58Whw02duv2Ki7UqdTTQoY

    Score
    10/10
    cobaltstrikebackdoortrojanspywarestealer

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks