cobaltstrike

General

Target

13682739
Size

204KB
Sample

240417-pgq9psfh8y
MD5

12144b37cd272a26b7bfc04008c3bf45
SHA1

9f098e7d382a47e687175cb253b0dc2e8f6203ad
SHA256

3e0ebb2b2f40a667f9d1cbf745cc77723c82b08fb9e9bfb8dccd39f7902b3b39
SHA512

19656d08313e7e76d7d36dcd388774998ac3df6bfe5ba068e01daa2bda34d0c4c08cb5217fbea7351968236ab021ec683cc66326c6e8098f9f9126faaa762ef1
SSDEEP

6144:cCAgjLsVCUAnLCk4OzejAYiPEC8v1ij6TiHh:cCTjYVCUyLC7OzejeEr1TiHh

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://iplogger.ru/openai.jpg

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://forensics.jwork.ru:2083/jquery-3.3.1.slim.min.js

Targets

- Target
  
  =?Windows-1251?Q?=F0=E5=EA=EB=E0=EC=E0=F6=E8=FF=5F=E8=F1=F5=5F05=2E04=2E24=2Edoc?=
- Size
  
  144KB
- MD5
  
  5667aa62833dd6ebd15da40130ab963d
- SHA1
  
  e50b2c20fe2151860c08cb1dba5022fbeb666c69
- SHA256
  
  d6fff4f67fb27def06611ed233e79f4b44a2c4daa320ae30c5054e98cf26af11
- SHA512
  
  51009f82ea1bf71fe56be1f8377aeba6ae09731e3457b5b86f7678fa240c33296d76a55608fcf420d5226e859349a90b0e9c6ad08ea9f50b514f80702d416028
- SSDEEP
  
  3072:MFWZl74EhdqpH7R4S8IuUih1pj8aSFhb9/roD5/pEzz0rEZNje:MFWZSOdqp2SaUUohblclGVZM
Score

10^/10

cobaltstrike metasploit backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  email-plain-1.txt
- Size
  
  1KB
- MD5
  
  5bd170fcf05dc81e8121ff2d4a92d34f
- SHA1
  
  4f2dcb2578943d8e272d74d106432143be6cf147
- SHA256
  
  ebd021ea0d69e001b3b00f7250e534a4675b515cac6b1b06e12dc050c71cf374
- SHA512
  
  1a7e4990625764505dab21d9782e1832de5692ed2b328a80da18d59fe6509e60b22cf5e6e2b60d3708043ee25e8b2c6cb2d41cc0e9bfa1959afe020bb38b382d
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

3

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MetaSploit

Blocklisted process makes network request

Abuses OpenXML format to download file from external location

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4