cobaltstrike | 8eb3617768ce4693b726bb8187e5cccea3359de0196d6f2bbe555c31f12d1234 | Triage

Sharing

General

Target

svhost.exe
Size

7.3MB
Sample

240330-nwwmaseh24
MD5

b39ae0e7f783d83b1349b2367350cb27
SHA1

2fe26faaadb7bbe6e7b9cac9ecee053cb82685ce
SHA256

8eb3617768ce4693b726bb8187e5cccea3359de0196d6f2bbe555c31f12d1234
SHA512

24fb8ec717e1c2a712db52a737eaa6f9f16c5aa6835ff51f72f33327d06945aa3b1d0f110dcd40d5c195b8647769a9d1d8832d057bca8cca3887e6e4674a1089
SSDEEP

196608:EcLaAXDHqv/L2VmnTNfwZHYYaSEcytbOOhU:9xDKXL2VmnBkPQbO

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://www.megtech.xyz:443/jquery-3.7.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.megtech.xyz Referer: http://www.megtech.xyz/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  svhost.exe
- Size
  
  7.3MB
- MD5
  
  b39ae0e7f783d83b1349b2367350cb27
- SHA1
  
  2fe26faaadb7bbe6e7b9cac9ecee053cb82685ce
- SHA256
  
  8eb3617768ce4693b726bb8187e5cccea3359de0196d6f2bbe555c31f12d1234
- SHA512
  
  24fb8ec717e1c2a712db52a737eaa6f9f16c5aa6835ff51f72f33327d06945aa3b1d0f110dcd40d5c195b8647769a9d1d8832d057bca8cca3887e6e4674a1089
- SSDEEP
  
  196608:EcLaAXDHqv/L2VmnTNfwZHYYaSEcytbOOhU:9xDKXL2VmnBkPQbO
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan