cobaltstrike | 02f8a34310c1e29f05e95be43338bb7bc0cdceae47462a10a3801ed2eab93d27 | Triage

Sharing

General

Target

1de06b5e12c970e8541adf5fe65b0097_JaffaCakes118
Size

19.3MB
Sample

240329-kwnd5sec97
MD5

1de06b5e12c970e8541adf5fe65b0097
SHA1

44457eac460c24e0ca2c0252ee2d2eefc8727af9
SHA256

02f8a34310c1e29f05e95be43338bb7bc0cdceae47462a10a3801ed2eab93d27
SHA512

9eb3d5e1fb77edd70360d1f51cfcf793206bfbe458391ad577f52e85266fec15acaae82d818c1d26f1845ec99ceba22495576fe6d480a5fbd4281c9bccc30171
SSDEEP

49152:rtqD5h7V9LYGvZ2wSKhZpPam66qK7YrI3rc1jduXEsu:rtSh7V9sVMpPam66tEMI

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Targets

- Target
  
  1de06b5e12c970e8541adf5fe65b0097_JaffaCakes118
- Size
  
  19.3MB
- MD5
  
  1de06b5e12c970e8541adf5fe65b0097
- SHA1
  
  44457eac460c24e0ca2c0252ee2d2eefc8727af9
- SHA256
  
  02f8a34310c1e29f05e95be43338bb7bc0cdceae47462a10a3801ed2eab93d27
- SHA512
  
  9eb3d5e1fb77edd70360d1f51cfcf793206bfbe458391ad577f52e85266fec15acaae82d818c1d26f1845ec99ceba22495576fe6d480a5fbd4281c9bccc30171
- SSDEEP
  
  49152:rtqD5h7V9LYGvZ2wSKhZpPam66qK7YrI3rc1jduXEsu:rtSh7V9sVMpPam66tEMI
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan