cobaltstrike | 0473ee221e38ba27330654ffb3cdd6476ff530881c303cc20d2efdff0c270e61 | Triage

Submit
Reports

Overview

overview

Static

static

1

openai.rtf

windows7-x64

openai.rtf

windows10-2004-x64

1

Sharing

General

Target

openai.rtf
Size

768KB
Sample

240417-pmjf2sgc71
MD5

2e8a01026b5c298a9b1d2519241f0b16
SHA1

98b44cc10887c7cb63a769cbd258c45720eb7ef7
SHA256

0473ee221e38ba27330654ffb3cdd6476ff530881c303cc20d2efdff0c270e61
SHA512

aeaf88341f33a2f130730cd4871abbf9ae48a3932bab7a21d6376c7579bbe8dad7f226694134db5f0b19b2d9a3248c66e9c3f2adc21d432573f9624c4452451b
SSDEEP

768:5stVBjHeY2xUSc2xoEYGZc+dySGri6CbEYKhqgbEYhhigbEYhh8gbEYuIeY7EH4z:5spHGC

Score

10^/10

cobaltstrike metasploit backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

openai.rtf

Resource

win7-20240215-en

cobaltstrike metasploit backdoor trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

openai.rtf

Resource

win10v2004-20240412-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://iplogger.ru/openai.jpg

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://forensics.jwork.ru:2083/jquery-3.3.1.slim.min.js

Targets

- Target
  
  openai.rtf
- Size
  
  768KB
- MD5
  
  2e8a01026b5c298a9b1d2519241f0b16
- SHA1
  
  98b44cc10887c7cb63a769cbd258c45720eb7ef7
- SHA256
  
  0473ee221e38ba27330654ffb3cdd6476ff530881c303cc20d2efdff0c270e61
- SHA512
  
  aeaf88341f33a2f130730cd4871abbf9ae48a3932bab7a21d6376c7579bbe8dad7f226694134db5f0b19b2d9a3248c66e9c3f2adc21d432573f9624c4452451b
- SSDEEP
  
  768:5stVBjHeY2xUSc2xoEYGZc+dySGri6CbEYKhqgbEYhhigbEYhh8gbEYuIeY7EH4z:5spHGC
Score

10^/10

cobaltstrike metasploit backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikemetasploitbackdoortrojan

behavioral2

© 2018-2024

Terms | Privacy