cobaltstrike | ef593e1f8ac60ababc6226fa20af1fd5ed7bcd597b9f97aed35d1eb681845013 | Triage

Sharing

General

Target

ef593e1f8ac60ababc6226fa20af1fd5ed7bcd597b9f97aed35d1eb681845013
Size

6.5MB
Sample

231106-lq4dvabh85
MD5

12a710ab0307d854f2fd7588b4cd8c1d
SHA1

748ae41980324f2b85fdd7756a08046df972b5c7
SHA256

ef593e1f8ac60ababc6226fa20af1fd5ed7bcd597b9f97aed35d1eb681845013
SHA512

c9e431b8a0aaf4d41b297b31df4e8c1e9c6ec1804f390f30444a907efa42666ac8a4ad3f4cf91b7d4d133835fb2c43c6920ba4cbf591a6800e795b59bfca5449
SSDEEP

98304:8QvCIfolGMD/x/0feyGgatbQ940BDlgwdnpka9R/k9t+2bJsLGt+NLkxxTGzwA3J:83PlnDfyGgqwBdnpkYRMpWNGx83aE

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.27.130:80/GfNb

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)

Targets

- Target
  
  ef593e1f8ac60ababc6226fa20af1fd5ed7bcd597b9f97aed35d1eb681845013
- Size
  
  6.5MB
- MD5
  
  12a710ab0307d854f2fd7588b4cd8c1d
- SHA1
  
  748ae41980324f2b85fdd7756a08046df972b5c7
- SHA256
  
  ef593e1f8ac60ababc6226fa20af1fd5ed7bcd597b9f97aed35d1eb681845013
- SHA512
  
  c9e431b8a0aaf4d41b297b31df4e8c1e9c6ec1804f390f30444a907efa42666ac8a4ad3f4cf91b7d4d133835fb2c43c6920ba4cbf591a6800e795b59bfca5449
- SSDEEP
  
  98304:8QvCIfolGMD/x/0feyGgatbQ940BDlgwdnpka9R/k9t+2bJsLGt+NLkxxTGzwA3J:83PlnDfyGgqwBdnpkYRMpWNGx83aE
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan