cobaltstrike | 5c8221ceec2e70e4a6f6ddd9bad7fb6427890deb47f25f83df88e145d393e1ed | Triage

Sharing

General

Target

f96199ae10700e46b14a34486dfa866d_JaffaCakes118
Size

1.3MB
Sample

240419-ds91eagb8y
MD5

f96199ae10700e46b14a34486dfa866d
SHA1

5599e55f4f27b7547d7ae475a182bf4d01ab53ba
SHA256

5c8221ceec2e70e4a6f6ddd9bad7fb6427890deb47f25f83df88e145d393e1ed
SHA512

8f4e129c9ad48ff86129af2944a871c69e50f3edd0321c175378459fcd3dd4375dabbc68ae2cb322a15f7b4b4cbc633f2dc755b33135ae52bd1dd996e4034313
SSDEEP

24576:+GJpdXroYbjoYNguDfL3/jSI8Aa8e210ZJqVLcdOHh3VAHoQascKtz9rECqM:XPXkThuDLPjSI/d5oIVg4HhGC0tJrECB

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://60.205.188.203:13694/d1nZ

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)

Targets

- Target
  
  f96199ae10700e46b14a34486dfa866d_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  f96199ae10700e46b14a34486dfa866d
- SHA1
  
  5599e55f4f27b7547d7ae475a182bf4d01ab53ba
- SHA256
  
  5c8221ceec2e70e4a6f6ddd9bad7fb6427890deb47f25f83df88e145d393e1ed
- SHA512
  
  8f4e129c9ad48ff86129af2944a871c69e50f3edd0321c175378459fcd3dd4375dabbc68ae2cb322a15f7b4b4cbc633f2dc755b33135ae52bd1dd996e4034313
- SSDEEP
  
  24576:+GJpdXroYbjoYNguDfL3/jSI8Aa8e210ZJqVLcdOHh3VAHoQascKtz9rECqM:XPXkThuDLPjSI/d5oIVg4HhGC0tJrECB
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan