cobaltstrike

General

Target

dfgddg.mp4
Size

4.2MB
Sample

240506-xl41cshf34
MD5

e1012d1101a04985ba6fbec4a5520b9f
SHA1

0bb946c132f082e7c801f26739f0700f47699417
SHA256

1b238ed0847630d04dd641668a9b1f1a8a2d4f906b7efd1c4aa4820faad92cdf
SHA512

d9ac5f3b6c0f1ab44586a43f3ecbf1edde16a6c8f4c514afdd576ffad90e08a772bff9541b3858ef052193df78baed3682ea5fa07e73661e774e4f5b549b3dd4
SSDEEP

98304:3NK3X6RIBiYK3KCM7IwmK3s9YrHtK3KFfZwK9gi1LkQPK3mS:0BBitKT7Io+YrHkKXZxfup

Score

10^/10

Malware Config

Targets

- Target
  
  dfgddg.mp4
- Size
  
  4.2MB
- MD5
  
  e1012d1101a04985ba6fbec4a5520b9f
- SHA1
  
  0bb946c132f082e7c801f26739f0700f47699417
- SHA256
  
  1b238ed0847630d04dd641668a9b1f1a8a2d4f906b7efd1c4aa4820faad92cdf
- SHA512
  
  d9ac5f3b6c0f1ab44586a43f3ecbf1edde16a6c8f4c514afdd576ffad90e08a772bff9541b3858ef052193df78baed3682ea5fa07e73661e774e4f5b549b3dd4
- SSDEEP
  
  98304:3NK3X6RIBiYK3KCM7IwmK3s9YrHtK3KFfZwK9gi1LkQPK3mS:0BBitKT7Io+YrHkKXZxfup
Score

10^/10

cobaltstrike zgrat backdoor bootkit discovery evasion execution persistence rat spyware stealer trojan
- Cobalt Strike reflective loader
  Detects the reflective loader used by Cobalt Strike.
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1