cobaltstrike | c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61 | Triage

Sharing

General

Target

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61
Size

1.8MB
Sample

240417-gkxlwsfc67
MD5

69359444b4d6c20a5d35760c4e398e72
SHA1

b18cafef685055e4bdbe34a090d0cf11028b5d86
SHA256

c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61
SHA512

eec44f156cfd811b638c85da9a5c5b2f03d3e3ec621e4229cf7d2361e72296e23e1dd5f4a0d78ab02ce390e70aae54c068cbf3b491120d671069098c26342070
SSDEEP

24576:VhQYeEDa/vWCcFbPzvTtfO6BgCf5ekB1ovK+am89fnK4X9ZNYd1MV1FdKD1vWk+p:VS0k69FXpKD1LpIYDrcp2fS/XTl

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.142.193.86:80/sIp1

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)

Targets

- Target
  
  c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61
- Size
  
  1.8MB
- MD5
  
  69359444b4d6c20a5d35760c4e398e72
- SHA1
  
  b18cafef685055e4bdbe34a090d0cf11028b5d86
- SHA256
  
  c16a2a2f422fe378a8b4a65ce9c47139764277682cf113ff6564046dc19d9f61
- SHA512
  
  eec44f156cfd811b638c85da9a5c5b2f03d3e3ec621e4229cf7d2361e72296e23e1dd5f4a0d78ab02ce390e70aae54c068cbf3b491120d671069098c26342070
- SSDEEP
  
  24576:VhQYeEDa/vWCcFbPzvTtfO6BgCf5ekB1ovK+am89fnK4X9ZNYd1MV1FdKD1vWk+p:VS0k69FXpKD1LpIYDrcp2fS/XTl
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan