cobaltstrike | 2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd | Triage

Submit
Reports

Overview

overview

Static

static

3

2a48db2641...dd.exe

windows7-x64

1

2a48db2641...dd.exe

windows10-2004-x64

Sharing

General

Target

2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
Size

1.5MB
Sample

240419-g1h4faag22
MD5

be5177349f86953d5d81066a51cd943a
SHA1

0aa8fb7cd6bce0fcccdf1c0cfaaa84f3a4172358
SHA256

2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
SHA512

8b59971286b711cc276e07d6ae60ba9ee318c1c3b4394f674fae64ea561957d32413177baa6d2ef35d19f5a575708eee3d882cdab97c659a00412297e024566d
SSDEEP

24576:CVAtAQfLY08PFDyKfPVXL5u+gyQQ/hffpLAeMcUg9sB26wn6fbQhPZ:C4dkV54UAkZ

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd.exe

Resource

win10v2004-20240226-en

cobaltstrike backdoor trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://69.235.177.76:17777/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
- Size
  
  1.5MB
- MD5
  
  be5177349f86953d5d81066a51cd943a
- SHA1
  
  0aa8fb7cd6bce0fcccdf1c0cfaaa84f3a4172358
- SHA256
  
  2a48db264150d1a4966633b38b357f56e224a713680584b3fba79d0404acf9dd
- SHA512
  
  8b59971286b711cc276e07d6ae60ba9ee318c1c3b4394f674fae64ea561957d32413177baa6d2ef35d19f5a575708eee3d882cdab97c659a00412297e024566d
- SSDEEP
  
  24576:CVAtAQfLY08PFDyKfPVXL5u+gyQQ/hffpLAeMcUg9sB26wn6fbQhPZ:C4dkV54UAkZ
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy