cobaltstrike | 8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3 | Triage

Submit
Reports

Overview

overview

Static

static

3

8fd2dae76d...c3.exe

windows7-x64

1

8fd2dae76d...c3.exe

windows10-2004-x64

Sharing

General

Target

8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe
Size

2.5MB
Sample

240519-mzcg6aeh3z
MD5

4543f278f2cf358e16e2284dc6ae4314
SHA1

52ca6e6f1b73d7c3805c9812a4751a2d2333b690
SHA256

8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3
SHA512

76fad9c923936e351353160678ed5dedecb89012aa6890437d10c2abec5c8073033adeb40c0c921874b9887415c97e20a0a8a9ab2af20d07f1f6f681796ace5d
SSDEEP

24576:TII3Pzsl1/E/GOzgGlLpU3Pp53aUWa/6cRSkIodSw9IjdJbzbUHJaCu1bIX9TrkZ:TX/zsn/E/GKgoQEi5CC

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe

Resource

win10v2004-20240508-en

cobaltstrike backdoor trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://39.107.242.125:666/lFZQ

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)

Targets

- Target
  
  8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3.exe
- Size
  
  2.5MB
- MD5
  
  4543f278f2cf358e16e2284dc6ae4314
- SHA1
  
  52ca6e6f1b73d7c3805c9812a4751a2d2333b690
- SHA256
  
  8fd2dae76d9a391270ff7f7ac4d55a5f496616594d7f5a734d6eeea591c753c3
- SHA512
  
  76fad9c923936e351353160678ed5dedecb89012aa6890437d10c2abec5c8073033adeb40c0c921874b9887415c97e20a0a8a9ab2af20d07f1f6f681796ace5d
- SSDEEP
  
  24576:TII3Pzsl1/E/GOzgGlLpU3Pp53aUWa/6cRSkIodSw9IjdJbzbUHJaCu1bIX9TrkZ:TX/zsn/E/GKgoQEi5CC
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy