cobaltstrike | b7c0a3faaebb9ce3408efd59576c692c61fdb19a3428e8e7e5179886c05bf38c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7c0a3faaebb9ce3408efd59576c692c61fdb19a3428e8e7e5179886c05bf38c
Size

8.8MB
Sample

231116-ly2vzsbc8w
MD5

d15bbd678116938b34d23cc061cf7a15
SHA1

c901855ff6073dbaf51605690b7da3c3d8de1817
SHA256

b7c0a3faaebb9ce3408efd59576c692c61fdb19a3428e8e7e5179886c05bf38c
SHA512

4315777677cb8dc0cdeaa254435253f3e73cf194b3769c6e18974de82800af892b0c1e84e31c9a4835ca8cd3e8a9c795d583d39429bfc67a85c20cd1e5b1938e
SSDEEP

196608:+WSFzdfTuxfuMNKvCinDr7Z9IKIGSYJEL92DThW8A4ZoOPF0SkJ9:+zBdfT6fuKinHafYJq2DTh9PZBPTkJ9

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://107.172.84.110:8088/7yVW

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)

Targets

- Target
  
  b7c0a3faaebb9ce3408efd59576c692c61fdb19a3428e8e7e5179886c05bf38c
- Size
  
  8.8MB
- MD5
  
  d15bbd678116938b34d23cc061cf7a15
- SHA1
  
  c901855ff6073dbaf51605690b7da3c3d8de1817
- SHA256
  
  b7c0a3faaebb9ce3408efd59576c692c61fdb19a3428e8e7e5179886c05bf38c
- SHA512
  
  4315777677cb8dc0cdeaa254435253f3e73cf194b3769c6e18974de82800af892b0c1e84e31c9a4835ca8cd3e8a9c795d583d39429bfc67a85c20cd1e5b1938e
- SSDEEP
  
  196608:+WSFzdfTuxfuMNKvCinDr7Z9IKIGSYJEL92DThW8A4ZoOPF0SkJ9:+zBdfT6fuKinHafYJq2DTh9PZBPTkJ9
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan