cobaltstrike | a3afb74b961f0b9b6e484166d61b92eb8ab2a41f0a88cc11f02c6b316ebee74f | Triage

Sharing

General

Target

58336a3811207c8d3f57709317b172e9_JaffaCakes118
Size

328KB
Sample

240331-tp63caef5v
MD5

58336a3811207c8d3f57709317b172e9
SHA1

221f507292989dbd52c3a26df4d3fb9f1d80af7a
SHA256

a3afb74b961f0b9b6e484166d61b92eb8ab2a41f0a88cc11f02c6b316ebee74f
SHA512

99b0ccc043f20339d82bcdd5634dfa4ea863fb466121c67c663c12247d1f442cc0868b4cdd06aba64e3684015aa364af9d2ffc8567f14b585efa79d97cd43b80
SSDEEP

6144:t4/za7ALmvWwG8iAPMS7BhJC0NNaHud0WiwmbiaPFpQva8yTVDzZ:C/+e9r6T7XQ0qONs2qFWvXyZ

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Targets

- Target
  
  58336a3811207c8d3f57709317b172e9_JaffaCakes118
- Size
  
  328KB
- MD5
  
  58336a3811207c8d3f57709317b172e9
- SHA1
  
  221f507292989dbd52c3a26df4d3fb9f1d80af7a
- SHA256
  
  a3afb74b961f0b9b6e484166d61b92eb8ab2a41f0a88cc11f02c6b316ebee74f
- SHA512
  
  99b0ccc043f20339d82bcdd5634dfa4ea863fb466121c67c663c12247d1f442cc0868b4cdd06aba64e3684015aa364af9d2ffc8567f14b585efa79d97cd43b80
- SSDEEP
  
  6144:t4/za7ALmvWwG8iAPMS7BhJC0NNaHud0WiwmbiaPFpQva8yTVDzZ:C/+e9r6T7XQ0qONs2qFWvXyZ
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan