cobaltstrike | e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732 | Triage

Sharing

General

Target

e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
Size

291KB
Sample

240417-gqwa1sfe37
MD5

f67591721354565dabe3fe735220c6f0
SHA1

80fe9705193ced60398d8ae688e80f4df403c0ea
SHA256

e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
SHA512

45cb3ae86df2f816e94b904a2f6a4339edcbe4e8a3dc635b8e6da6c26b3809d771bc4d865a1250ee2e5302311b3ad25fbb7d870f2188831584bed35421391e3c
SSDEEP

6144:KiubWrNSOetO6cprlQAOWizGLIoSd8nUbbq:dubsNSOetfARQAPyGUWYbq

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.220.128:80/JStL

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

Targets

- Target
  
  e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
- Size
  
  291KB
- MD5
  
  f67591721354565dabe3fe735220c6f0
- SHA1
  
  80fe9705193ced60398d8ae688e80f4df403c0ea
- SHA256
  
  e5af8ae15c2e63b6fc394a1fab48e4041312d70d1437f4cf7810535c5a410732
- SHA512
  
  45cb3ae86df2f816e94b904a2f6a4339edcbe4e8a3dc635b8e6da6c26b3809d771bc4d865a1250ee2e5302311b3ad25fbb7d870f2188831584bed35421391e3c
- SSDEEP
  
  6144:KiubWrNSOetO6cprlQAOWizGLIoSd8nUbbq:dubsNSOetfARQAPyGUWYbq
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan