cobaltstrike | 851e687f9a39e18a67df78a10aeea4525718b6676a29161857dfe58157c8790c | Triage

Sharing

General

Target

f7d21d2b5c00f1c0abcc086800ff08db_JaffaCakes118
Size

1.5MB
Sample

240418-mplyvabh7t
MD5

f7d21d2b5c00f1c0abcc086800ff08db
SHA1

9f9c47dfedf5b0e8ba1ce61e33cebd94e899e25f
SHA256

851e687f9a39e18a67df78a10aeea4525718b6676a29161857dfe58157c8790c
SHA512

c48baf5d8f5801fef270e22cfed881fa73373068850df618d9c9e74a1274e77c98658162f62417fb427d9a52bf26b58b1823249e3fd4eb1bae42c37736dfd379
SSDEEP

24576:NCRMBSOiv0TSbDCPnu1u1ZEhQbkZ7T6Sx:HBSrsSbGPnu13owT

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://iweb-tech.com:443/files/cr.ico

Attributes

user_agent
Host: iweb-tech.com Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Targets

- Target
  
  f7d21d2b5c00f1c0abcc086800ff08db_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  f7d21d2b5c00f1c0abcc086800ff08db
- SHA1
  
  9f9c47dfedf5b0e8ba1ce61e33cebd94e899e25f
- SHA256
  
  851e687f9a39e18a67df78a10aeea4525718b6676a29161857dfe58157c8790c
- SHA512
  
  c48baf5d8f5801fef270e22cfed881fa73373068850df618d9c9e74a1274e77c98658162f62417fb427d9a52bf26b58b1823249e3fd4eb1bae42c37736dfd379
- SSDEEP
  
  24576:NCRMBSOiv0TSbDCPnu1u1ZEhQbkZ7T6Sx:HBSrsSbGPnu13owT
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan