cobaltstrike | 1a1f96760887c076a2a656cd841b46bb2c24cf6f49545af26772cd6c7a652aea | Triage

Sharing

General

Target

6c038e685bc79b14f7a8d021172fccb2_JaffaCakes118
Size

96KB
Sample

240523-x39beadc2y
MD5

6c038e685bc79b14f7a8d021172fccb2
SHA1

879eb98a697cfc932bf8b69356e3564d477c4567
SHA256

1a1f96760887c076a2a656cd841b46bb2c24cf6f49545af26772cd6c7a652aea
SHA512

22c10a461f581b0c4269aebdecb87fba8e1896a35771c0195f206b11c19a32f0316926cbfb9096c025fc71b13e8eb3f12c972577e64996e78d9c42d621e41152
SSDEEP

1536:DqN5DQW3dIw5z/c1CHDV2bTRrcuqjNnT3dPbxM/4xoT0dt+t:wNIwhkeMbTRAjjFKm4

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://opncloud.net:443/full-beta.crl

Attributes

user_agent
User-Agent: Microsoft-CryptoAPI /10.0 Accept-Encoding: identity Host: opncloud.net

Targets

- Target
  
  6c038e685bc79b14f7a8d021172fccb2_JaffaCakes118
- Size
  
  96KB
- MD5
  
  6c038e685bc79b14f7a8d021172fccb2
- SHA1
  
  879eb98a697cfc932bf8b69356e3564d477c4567
- SHA256
  
  1a1f96760887c076a2a656cd841b46bb2c24cf6f49545af26772cd6c7a652aea
- SHA512
  
  22c10a461f581b0c4269aebdecb87fba8e1896a35771c0195f206b11c19a32f0316926cbfb9096c025fc71b13e8eb3f12c972577e64996e78d9c42d621e41152
- SSDEEP
  
  1536:DqN5DQW3dIw5z/c1CHDV2bTRrcuqjNnT3dPbxM/4xoT0dt+t:wNIwhkeMbTRAjjFKm4
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan