cobaltstrike | 56c1b179aa0914fb20900bf31301b42aa27a85ef5e827195680ab07cd88d7f6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56c1b179aa0914fb20900bf31301b42aa27a85ef5e827195680ab07cd88d7f6f
Size

700KB
Sample

231225-ln94lsagf2
MD5

5f38246a3c262392a204dca0efb7272a
SHA1

b560668024c7f74262cca179ff5b6e7e47497dcf
SHA256

56c1b179aa0914fb20900bf31301b42aa27a85ef5e827195680ab07cd88d7f6f
SHA512

87ea1dc4b07caadbb10ef0ee4d43f0b7c0488cefdbe8e8a8ce8e1a7984990aa40975e181a675abbcaee5d6b5ebf6ebaa0eae176a19097f69d3e900f639f80579
SSDEEP

12288:DAy5eWw3+vb+5Ql2uDRW+eImKzF6OvoyT2G0NVPJf4DrXFqT5r7M8QNF:ZcWwOvbDlnDY6J2GJD0TJ7S

Score

10^/10

cobaltstrike backdoor link pdf trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://139.129.207.45:443/8Clv

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

Targets

- Target
  
  1.bat
- Size
  
  87B
- MD5
  
  ee93406b0d0fc67dcad97370bccd8eb7
- SHA1
  
  dceb87d98d099993cd717df63b88eebb3572ac97
- SHA256
  
  6d7398f86215b836378b83b3c475eb6c52b98761d3e4fd1d92f1862b9c392cfc
- SHA512
  
  46dc1c3cf7f57474c54018d9220d2108cb8be92467d3dfd6e2c9256993710914412ace4f53ec0669761588fcd7a862954d2947eb5089b643bd97c47422251038
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2
- Target
  
  project.exe
- Size
  
  1.4MB
- MD5
  
  f23c93abeb96e449fd1007cfb8805adf
- SHA1
  
  89821786b9f3a5a04dea5e8fa6aaf2f3a097e009
- SHA256
  
  d89a8b3c9a4b6bfed3ef7ffe5cb65d0a2d0a7a1889360f36a86b8d9e334138a4
- SHA512
  
  e34d4ae5fb49414f38809bd8542056d409f11f3c601bdc2f8e47d56f79657aaf8e020e06a0d23c705fb8c885471625d7545d588bb9971cfb1639d9f532d5bea8
- SSDEEP
  
  24576:t7M7oRH+OHlDsbyB7YJj1qM+00/yNx9qH+t:24H+IyyB7YJjw9Wk
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral3 behavioral4
- Target
  
  深圳市熠千熠智能硬件有限公司公司介绍及合作意向书.pdf
- Size
  
  71KB
- MD5
  
  0f3faf6d205e7b9430088d658c3ea3c1
- SHA1
  
  3a2952cb1ad9fd7bb956975817f6bb11b5d86217
- SHA256
  
  6956561d2d62ed160507ff1bfd0c639900bb90477dab11f40f32ea5f9a0c1327
- SHA512
  
  3c817ca6d6277852800cbf70ddf28445f04ed90b21dd80c16e318131bf5c693750ece162bbeb3d4d49d7cb28a1d9c435f4d94dafccf1fbadf7bcf1297a274d25
- SSDEEP
  
  1536:8A9bWrpRITclGPsHwr/ARHIAnEXifIib7KCsaJxt5Depyu4kRjgk:l9bisclGPsHwrIlI1XUZvKClDtFepy1A
Score

1^/10
behavioral5 behavioral6
- Target
  
  深圳市熠千熠智能硬件有限公司公司介绍及合作意向材料.lnk
- Size
  
  1KB
- MD5
  
  91502b8f5b38ca78f5fbabb4f1de91a5
- SHA1
  
  b2d259b2f930756551801712be12885674f56c80
- SHA256
  
  5911e18b83f9ad31d51294c76691b8d453975ffb43cbf207b7d37f286c12fb5d
- SHA512
  
  a05ddaa5de0813c8b5dffe7ea46de11c748a4abb442a40ba0690d517730b1d556aff55d67f885440ffb3c6732eb34e2b8ea2f4874974d5612443180a2be07a10
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

behavioral3

behavioral4

cobaltstrikebackdoortrojan

behavioral5

behavioral6

behavioral7

behavioral8

cobaltstrikebackdoortrojan