cobaltstrike | 64bf5cc0730c474b978d64536c0478662ded7834340d2652ea72df4cec5de0e9 | Triage

Sharing

General

Target

2024-05-20_58b29551bd9682bfe0d07b9dee3f8b71_snatch
Size

4.7MB
Sample

240520-bnwk4sch85
MD5

58b29551bd9682bfe0d07b9dee3f8b71
SHA1

5d250bf0bd84a30c4860e66b782941abae3d2d56
SHA256

64bf5cc0730c474b978d64536c0478662ded7834340d2652ea72df4cec5de0e9
SHA512

f7ddc0b7d16f43fa1acda96942ca9115509be8a3362ef5222da165919ac69806ff11d9dc2672642506099e484c42d2713b5e8ab820bcac915129f65acce0fbef
SSDEEP

49152:A78iOxd39rGprb/TbvO90d7HjmAFd4A64nsfJFmOt7QcsP4JQze/kd4dx8Vr4Cbh:J3dzNY4vGE+EzQ

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://45.128.146.174:3228/zzyzy

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)

Targets

- Target
  
  2024-05-20_58b29551bd9682bfe0d07b9dee3f8b71_snatch
- Size
  
  4.7MB
- MD5
  
  58b29551bd9682bfe0d07b9dee3f8b71
- SHA1
  
  5d250bf0bd84a30c4860e66b782941abae3d2d56
- SHA256
  
  64bf5cc0730c474b978d64536c0478662ded7834340d2652ea72df4cec5de0e9
- SHA512
  
  f7ddc0b7d16f43fa1acda96942ca9115509be8a3362ef5222da165919ac69806ff11d9dc2672642506099e484c42d2713b5e8ab820bcac915129f65acce0fbef
- SSDEEP
  
  49152:A78iOxd39rGprb/TbvO90d7HjmAFd4A64nsfJFmOt7QcsP4JQze/kd4dx8Vr4Cbh:J3dzNY4vGE+EzQ
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan