cobaltstrike | 1e0b5cbd95689c722fb8dc52a0618c9a5c9540c6b4b67d37ce0efe0cf77c09b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e0b5cbd95689c722fb8dc52a0618c9a5c9540c6b4b67d37ce0efe0cf77c09b7
Size

1.5MB
Sample

240103-n2j6fschdn
MD5

a7e24c862c24eba080957ac45dba21cc
SHA1

4d054acadc8bad1e3c5b7e70aa5157409b353d64
SHA256

1e0b5cbd95689c722fb8dc52a0618c9a5c9540c6b4b67d37ce0efe0cf77c09b7
SHA512

3251f9851a47bd560514a019f65590da97e044861ff94ab18359469375ad5a552e071c4b8bf23970cceb85d7444dbc3e15142cc86025c494be902311acf91890
SSDEEP

24576:F8W0Budl91UYt6ehqMlus/BcvCQYkJP7Sg1KJIQTWD1vf:F8jBudlcYHoMl//yCjkhSg1K+QTWD1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.110.204:443/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  1e0b5cbd95689c722fb8dc52a0618c9a5c9540c6b4b67d37ce0efe0cf77c09b7
- Size
  
  1.5MB
- MD5
  
  a7e24c862c24eba080957ac45dba21cc
- SHA1
  
  4d054acadc8bad1e3c5b7e70aa5157409b353d64
- SHA256
  
  1e0b5cbd95689c722fb8dc52a0618c9a5c9540c6b4b67d37ce0efe0cf77c09b7
- SHA512
  
  3251f9851a47bd560514a019f65590da97e044861ff94ab18359469375ad5a552e071c4b8bf23970cceb85d7444dbc3e15142cc86025c494be902311acf91890
- SSDEEP
  
  24576:F8W0Budl91UYt6ehqMlus/BcvCQYkJP7Sg1KJIQTWD1vf:F8jBudlcYHoMl//yCjkhSg1K+QTWD1
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2