cobaltstrike | 8116fb4b04728cdc25e67241755fb1e3e0d280e0703ffe0e56002097ee39b0bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dXaUA9Hjba.exe
Size

1.3MB
Sample

231013-2p542sdh61
MD5

f8764aabf4b4ef2e5176e34120e6729c
SHA1

d745191f063709d00ec56342d526794c46061300
SHA256

8116fb4b04728cdc25e67241755fb1e3e0d280e0703ffe0e56002097ee39b0bc
SHA512

e12c4d26004220023f0ae86a34376c93ed67dea6ca71d761a0e72fe4eabbb58c3153aeba9847335d9175af224982325a1f146e82eeb84f3b042d441276b57fc1
SSDEEP

24576:cQw7bX65iczw3We+NZ7frSegXSOAvqBtnl+T:cJe5s3fe2QqBtnl+T

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://101.35.47.93:80/ajax/jquery/jquery-3.6.4.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.9 Accept-Encoding: gzip, deflate Referer: http://mp.weixin.qq.com/ User-Agent: WeChat/8.0.5.32 CFNetwork/1237 Darwin/20.4.0

Targets

- Target
  
  dXaUA9Hjba.exe
- Size
  
  1.3MB
- MD5
  
  f8764aabf4b4ef2e5176e34120e6729c
- SHA1
  
  d745191f063709d00ec56342d526794c46061300
- SHA256
  
  8116fb4b04728cdc25e67241755fb1e3e0d280e0703ffe0e56002097ee39b0bc
- SHA512
  
  e12c4d26004220023f0ae86a34376c93ed67dea6ca71d761a0e72fe4eabbb58c3153aeba9847335d9175af224982325a1f146e82eeb84f3b042d441276b57fc1
- SSDEEP
  
  24576:cQw7bX65iczw3We+NZ7frSegXSOAvqBtnl+T:cJe5s3fe2QqBtnl+T
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan