cobaltstrike | d5bdb0a4b5e4304eb4b1f02a1eb0d6423923ee406490f6f43e18d3f855bafc53 | Triage

Sharing

General

Target

e8b7158fb7331ce00935fd4c0b0f3eab_JaffaCakes118
Size

1.3MB
Sample

240408-3q76gaag2v
MD5

e8b7158fb7331ce00935fd4c0b0f3eab
SHA1

d8748c14878034fc85ff420692b9bae8d76e934e
SHA256

d5bdb0a4b5e4304eb4b1f02a1eb0d6423923ee406490f6f43e18d3f855bafc53
SHA512

902a510024cc126a699682e89d8c30f5124fc513a51c559bad5dd01e579b7d15c869b95323a4dcc22c648833a2ff5b4a52cc8863040181b184cd576dbbdf7ed9
SSDEEP

24576:u6NwiWbrcfumQDEbU27gPVgbgEZy+DQ/4koszTMUreJfQEEw:u9rIumQDyU27gPVOgE4p4kosLw

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://101.34.64.226:80/2Zcn

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)

Targets

- Target
  
  e8b7158fb7331ce00935fd4c0b0f3eab_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  e8b7158fb7331ce00935fd4c0b0f3eab
- SHA1
  
  d8748c14878034fc85ff420692b9bae8d76e934e
- SHA256
  
  d5bdb0a4b5e4304eb4b1f02a1eb0d6423923ee406490f6f43e18d3f855bafc53
- SHA512
  
  902a510024cc126a699682e89d8c30f5124fc513a51c559bad5dd01e579b7d15c869b95323a4dcc22c648833a2ff5b4a52cc8863040181b184cd576dbbdf7ed9
- SSDEEP
  
  24576:u6NwiWbrcfumQDEbU27gPVgbgEZy+DQ/4koszTMUreJfQEEw:u9rIumQDyU27gPVOgE4p4kosLw
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan