cobaltstrike | 3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4 | Triage

Submit
Reports

Overview

overview

Static

static

3

3d8fd5a322...d4.exe

windows7-x64

3d8fd5a322...d4.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4
Size

8.1MB
Sample

231013-zy7m5aae6v
MD5

d3d7854b7af7463be8a2e215311b3030
SHA1

dda970b52bf2b42eaf3037fd2580171c84b0b30c
SHA256

3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4
SHA512

36693c51d427d957c8dc07d2ada7510d92b6bb9566108977d6341740c6997b6855d8b08f78c99fa62b6fe830d5ae05aa591d9ec7b82b6e8b5e04423e3c23f0dd
SSDEEP

196608:aPJXy/O1OEHKO/v78j8KQPl0qednVd6e8FouR6jCC:oJXQO1OEHKIv78joPUnblGdRCx

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4.exe

Resource

win7-20230831-en

cobaltstrike backdoor pyinstaller trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4.exe

Resource

win10v2004-20230915-en

cobaltstrike backdoor pyinstaller trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://121.40.66.171:85/djZ5

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)

Targets

- Target
  
  3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4
- Size
  
  8.1MB
- MD5
  
  d3d7854b7af7463be8a2e215311b3030
- SHA1
  
  dda970b52bf2b42eaf3037fd2580171c84b0b30c
- SHA256
  
  3d8fd5a322e0d6e9b1a5ee3fd4b222a25becbc02374d6195448d57875d9e75d4
- SHA512
  
  36693c51d427d957c8dc07d2ada7510d92b6bb9566108977d6341740c6997b6855d8b08f78c99fa62b6fe830d5ae05aa591d9ec7b82b6e8b5e04423e3c23f0dd
- SSDEEP
  
  196608:aPJXy/O1OEHKO/v78j8KQPl0qednVd6e8FouR6jCC:oJXQO1OEHKIv78joPUnblGdRCx
Score

10^/10

cobaltstrike backdoor pyinstaller trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoorpyinstallertrojan

behavioral2

cobaltstrikebackdoorpyinstallertrojan

© 2018-2025

Terms | Privacy