cobaltstrike | 8a24deded9d9a36430a74d4170fdc3359882a19f43987f5ca991b098b7ceffd2 | Triage

Sharing

General

Target

检查工具.exe
Size

3.4MB
Sample

240423-lje3nsfb8v
MD5

bcda35e32b5318b0253a30d5c6ff39e5
SHA1

38d222421dd5385dd11ece5c40f54ea858e2a6cc
SHA256

8a24deded9d9a36430a74d4170fdc3359882a19f43987f5ca991b098b7ceffd2
SHA512

9b40d4450692625c60376cd234fd674c1c5e560eba817b4257ca21f0ce886a08ebfdf4ca46d054b67d5a8414ff6f5e5f3940e5404f983f5df07f77391fee1ee6
SSDEEP

49152:huXzqPH2EPq5WAnuoSKFbC9N9wBKqPDQ4lxKBabceJBJJsx:2xmq5trnG9N96LJxiG9JBJJsx

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.136.112.94:443/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.130 Safari/537.36

Targets

- Target
  
  检查工具.exe
- Size
  
  3.4MB
- MD5
  
  bcda35e32b5318b0253a30d5c6ff39e5
- SHA1
  
  38d222421dd5385dd11ece5c40f54ea858e2a6cc
- SHA256
  
  8a24deded9d9a36430a74d4170fdc3359882a19f43987f5ca991b098b7ceffd2
- SHA512
  
  9b40d4450692625c60376cd234fd674c1c5e560eba817b4257ca21f0ce886a08ebfdf4ca46d054b67d5a8414ff6f5e5f3940e5404f983f5df07f77391fee1ee6
- SSDEEP
  
  49152:huXzqPH2EPq5WAnuoSKFbC9N9wBKqPDQ4lxKBabceJBJJsx:2xmq5trnG9N96LJxiG9JBJJsx
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan