cobaltstrike | 79596d1fad788b7e2cd54856b7f5eb10a0f984d8c504331c9c10ae3d50833a65 | Triage

Sharing

General

Target

2024-05-23_ab9facde62f01f6f2d752b9b5b4d3ed8_snatch
Size

1.2MB
Sample

240523-3klqaadd6t
MD5

ab9facde62f01f6f2d752b9b5b4d3ed8
SHA1

46273cf799901cef1946aa60b9f7cb73184d14a2
SHA256

79596d1fad788b7e2cd54856b7f5eb10a0f984d8c504331c9c10ae3d50833a65
SHA512

9b34e93471afb9905f9ff2922f81935ba0022a7e35ecc2b88d8f773a779617e3175fb6889e92a598bf02849f810535142e759324875acf0ab3a59af3c6f0ec95
SSDEEP

12288:rGNZUlDbHJ8zSO86wJgLhoOxqW8CCHwKactI3+cNgM2cNEj9KK1m:iZUlDbGGO8/JgLbWCCWXNgfcKKK1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://1.14.162.60:6666/mp/bootstrap.min.js

Attributes

user_agent
Accept-Language: zh-cn Accept-Encoding: gzip, deflate Referer: http://mp.weixin.qq.com Content-Type: application/x-www-form-urlencoded User-Agent: WeChat/8.0.5.32 CFNetwork/1237 Darwin/20.4.0

Targets

- Target
  
  2024-05-23_ab9facde62f01f6f2d752b9b5b4d3ed8_snatch
- Size
  
  1.2MB
- MD5
  
  ab9facde62f01f6f2d752b9b5b4d3ed8
- SHA1
  
  46273cf799901cef1946aa60b9f7cb73184d14a2
- SHA256
  
  79596d1fad788b7e2cd54856b7f5eb10a0f984d8c504331c9c10ae3d50833a65
- SHA512
  
  9b34e93471afb9905f9ff2922f81935ba0022a7e35ecc2b88d8f773a779617e3175fb6889e92a598bf02849f810535142e759324875acf0ab3a59af3c6f0ec95
- SSDEEP
  
  12288:rGNZUlDbHJ8zSO86wJgLhoOxqW8CCHwKactI3+cNgM2cNEj9KK1m:iZUlDbGGO8/JgLbWCCWXNgfcKKK1
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan