cobaltstrike | e3a90ba880720374a14ea7b53cb1815f245f579d1d7ff8154abd12e513aaefe2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3a90ba880720374a14ea7b53cb1815f245f579d1d7ff8154abd12e513aaefe2
Size

653KB
Sample

231022-v2mpxabb44
MD5

db5edbcbf8da166d067a6dea93bc682b
SHA1

535458d56f1c394fd75a77c6e3159585736fd287
SHA256

e3a90ba880720374a14ea7b53cb1815f245f579d1d7ff8154abd12e513aaefe2
SHA512

c02655ef6adfc9c84134886ec9311b9e163aa556cc610e190c933963195d010bdd62b3bfd5228f88bf4e32b7f9d63b1cb50ab2e16c95098a069eb0d2796db1a0
SSDEEP

12288:T6fp2tdPYvPFe/8f8HDk4EiXhQVyzOoS6t5Sx1oD5:T6fpGPOPFeo4DjEgzow0w

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://db.dbzjk.top:8443/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: db.dbzjk.top Referer: http://db.dbzjk.top/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  e3a90ba880720374a14ea7b53cb1815f245f579d1d7ff8154abd12e513aaefe2
- Size
  
  653KB
- MD5
  
  db5edbcbf8da166d067a6dea93bc682b
- SHA1
  
  535458d56f1c394fd75a77c6e3159585736fd287
- SHA256
  
  e3a90ba880720374a14ea7b53cb1815f245f579d1d7ff8154abd12e513aaefe2
- SHA512
  
  c02655ef6adfc9c84134886ec9311b9e163aa556cc610e190c933963195d010bdd62b3bfd5228f88bf4e32b7f9d63b1cb50ab2e16c95098a069eb0d2796db1a0
- SSDEEP
  
  12288:T6fp2tdPYvPFe/8f8HDk4EiXhQVyzOoS6t5Sx1oD5:T6fpGPOPFeo4DjEgzow0w
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan