cobaltstrike | aa65c960fdcfe5d75e7c99b84bb070fa02b8ddbe92c747bcb25f45fd160ca035 | Triage

Sharing

General

Target

aa65c960fdcfe5d75e7c99b84bb070fa02b8ddbe92c747bcb25f45fd160ca035
Size

16KB
Sample

240419-t9nfqsad61
MD5

64cb085d19fc06b0ae1373d4a594b35a
SHA1

378e1f0628ad0b41b8656ee3edecfc95d0de020f
SHA256

aa65c960fdcfe5d75e7c99b84bb070fa02b8ddbe92c747bcb25f45fd160ca035
SHA512

ba39ae8b8e8fa53fa5c8b093273373e69a0fdbaad894bf65859d48275e230773bd27aeae6e1ec3a6c962eb184d7bd9f39e43f4db0e018e306de3e1f330a0cb21
SSDEEP

384:IhmID1Irhtq532pABV0hVOe03nRAAdhQXJKGD+6G/BJK5+m6/5/:eV1Ittqehv0BldmKZ/BJKB6/5

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://49.235.80.190:2346/F3vn

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS)

Targets

- Target
  
  dd056d708164924db06b3404567dc5f187c04e4e99fe36066b71f8319c837c86.exe
- Size
  
  48KB
- MD5
  
  7198ecf53d86f04360e9ca5aae097935
- SHA1
  
  fdfafeffa1d7977f6efb7f3a894906b492827475
- SHA256
  
  dd056d708164924db06b3404567dc5f187c04e4e99fe36066b71f8319c837c86
- SHA512
  
  63bc1ea53f84ca451c09355641cb7c224b56de952c21ee98c1b52a9b19e1df3f49368d2e9f4a9ddad8e9e4b4997b50f5513b7dfada49390145dfa270b279d737
- SSDEEP
  
  768:qwhn25gbzYUiT89Lc5LHOOfN3ycVEXJx3t:9h25tA9Lc5aOfNiceZ1t
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan