cobaltstrike | 42c0ebd563de19ab79fd26881f59e79392762469101aa277667d90b4eb2e9d8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff1e711ac7ce2e7b948ef539a35907ce_JaffaCakes118
Size

1.6MB
Sample

240421-mzs5xahb85
MD5

ff1e711ac7ce2e7b948ef539a35907ce
SHA1

984039501b690361796e98affb7c75bba1457d96
SHA256

42c0ebd563de19ab79fd26881f59e79392762469101aa277667d90b4eb2e9d8a
SHA512

ee180d3c9c0faf53fd60d4f050a7a1a2ba47fa21c8ac1c2f84cee3a8708d0261d83f7744a7abfee8d14eb19a9f33bf105487f51c5d1398324367c9a2b32bd2d8
SSDEEP

24576:wcWwsiM6Me+iXEeXIvnBxmAWZ0KP2mxrIfbJo2daiccF1t6sp3qJXhaUmKVlQ8cC:SY1lYJkAWZ0UTh32HR6sRqJhvmKzQ8d

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.71.153.68:80/CWZi

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  ff1e711ac7ce2e7b948ef539a35907ce_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  ff1e711ac7ce2e7b948ef539a35907ce
- SHA1
  
  984039501b690361796e98affb7c75bba1457d96
- SHA256
  
  42c0ebd563de19ab79fd26881f59e79392762469101aa277667d90b4eb2e9d8a
- SHA512
  
  ee180d3c9c0faf53fd60d4f050a7a1a2ba47fa21c8ac1c2f84cee3a8708d0261d83f7744a7abfee8d14eb19a9f33bf105487f51c5d1398324367c9a2b32bd2d8
- SSDEEP
  
  24576:wcWwsiM6Me+iXEeXIvnBxmAWZ0KP2mxrIfbJo2daiccF1t6sp3qJXhaUmKVlQ8cC:SY1lYJkAWZ0UTh32HR6sRqJhvmKzQ8d
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan