cobaltstrike | 94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6 | Triage

Sharing

General

Target

94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
Size

315KB
Sample

240426-h56wqsbe3v
MD5

36eed47751bc04ee9fb82d3f0e836239
SHA1

e17fbeefbdca5b0a87393f031479e35cd38d8a68
SHA256

94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
SHA512

b0a76342e605cfa95940cb41f61579a8bd2fb347521a6c10a34fc526546abbdc721ec499a8e9c422137eced2a9ad966c69e1ace7ba976e059e273838f8ce3066
SSDEEP

6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxm:DGHCnaomAEg3uPdkgOX+tZdxm

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.209.130:80/6Uco

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
- Size
  
  315KB
- MD5
  
  36eed47751bc04ee9fb82d3f0e836239
- SHA1
  
  e17fbeefbdca5b0a87393f031479e35cd38d8a68
- SHA256
  
  94a7c995a3f87308dea447de9c3e84ef086fe0379d108332970bc7f2d22efed6
- SHA512
  
  b0a76342e605cfa95940cb41f61579a8bd2fb347521a6c10a34fc526546abbdc721ec499a8e9c422137eced2a9ad966c69e1ace7ba976e059e273838f8ce3066
- SSDEEP
  
  6144:SCGaECnpAoDO1A8dg3iTPJLMfgQZX+tJs0dxm:DGHCnaomAEg3uPdkgOX+tZdxm
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan