cobaltstrike | a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe | Triage

Submit
Reports

Overview

overview

Static

static

3

a97f8afdf9...fe.exe

windows7-x64

a97f8afdf9...fe.exe

windows10-2004-x64

Sharing

General

Target

a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
Size

393KB
Sample

240521-lf94msgd54
MD5

c24b006757a1547f186ae964692d6ced
SHA1

9aaf71667f51d5370097e67af437ebd4a1706d17
SHA256

a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
SHA512

44814cac7370ab690f2d24e3e4b911b96a1bf9b324f85ac59cbcbbae3acc06c99b321060ffa921e313c6369293e7cc845d9ff97b147299d712d2b31b92252d96
SSDEEP

6144:OgZiAEAO0sByNsAal3gVAWgS7/Ohwj3ulclvo7sxExUkK:OgZXEAO/BUdG3gVdt7KSwivouESH

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe.exe

Resource

win7-20240221-en

cobaltstrike backdoor trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe.exe

Resource

win10v2004-20240508-en

cobaltstrike backdoor trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://120.55.183.201:8001/NAVx

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)

Targets

- Target
  
  a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
- Size
  
  393KB
- MD5
  
  c24b006757a1547f186ae964692d6ced
- SHA1
  
  9aaf71667f51d5370097e67af437ebd4a1706d17
- SHA256
  
  a97f8afdf91943ab21197651c155a799d386fa6f84f457b1fa6eaf23f7ecc3fe
- SHA512
  
  44814cac7370ab690f2d24e3e4b911b96a1bf9b324f85ac59cbcbbae3acc06c99b321060ffa921e313c6369293e7cc845d9ff97b147299d712d2b31b92252d96
- SSDEEP
  
  6144:OgZiAEAO0sByNsAal3gVAWgS7/Ohwj3ulclvo7sxExUkK:OgZXEAO/BUdG3gVdt7KSwivouESH
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy