cobaltstrike | 78f9cea4297340c79dc8ff2337c73f94d508aba97b394d3f31914eb140e3620a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78f9cea4297340c79dc8ff2337c73f94d508aba97b394d3f31914eb140e3620a
Size

1.5MB
Sample

231101-12yeasfd99
MD5

3fa1770686aa8b63206c8fa7497a59f2
SHA1

6292072ca1e40f150b07f1cf28f56d6962afe22b
SHA256

78f9cea4297340c79dc8ff2337c73f94d508aba97b394d3f31914eb140e3620a
SHA512

d065f827a82088749bf8218be649f3106946e1cbdcf9748cfa56c2efe41ccfb380729f24099b3f4cfeac31a2064a99ce72e45a8e4d81e8123574af85df90100a
SSDEEP

49152:n8A1l6wXzDn8bKHkyKqGHnxW46oPBp/RDx:n8A1l60zD8+HgHnb6oPBpZt

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.52.129:4444/U9je

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)

Targets

- Target
  
  78f9cea4297340c79dc8ff2337c73f94d508aba97b394d3f31914eb140e3620a
- Size
  
  1.5MB
- MD5
  
  3fa1770686aa8b63206c8fa7497a59f2
- SHA1
  
  6292072ca1e40f150b07f1cf28f56d6962afe22b
- SHA256
  
  78f9cea4297340c79dc8ff2337c73f94d508aba97b394d3f31914eb140e3620a
- SHA512
  
  d065f827a82088749bf8218be649f3106946e1cbdcf9748cfa56c2efe41ccfb380729f24099b3f4cfeac31a2064a99ce72e45a8e4d81e8123574af85df90100a
- SSDEEP
  
  49152:n8A1l6wXzDn8bKHkyKqGHnxW46oPBp/RDx:n8A1l60zD8+HgHnb6oPBpZt
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan