cobaltstrike | 1049ec18b411533a89ba65968ebaeade90c0454f8dd0389542aaa5a35c648200 | Triage

Sharing

General

Target

file.ps1
Size

3KB
Sample

240607-srq88sad2s
MD5

cde7890c842abe7894323121fec0ee9e
SHA1

4f5fb65765e083bbb74bc0e7c7f3003c666db171
SHA256

1049ec18b411533a89ba65968ebaeade90c0454f8dd0389542aaa5a35c648200
SHA512

807d15f5c6aab49ed87fb76ee53be60a88d886b3b25406f9440ac487361aa6122e6f1c53333144ea22c8883645c75f0dca8c09ed297011a9c59bca0734eb4f2d

Score

10^/10

cobaltstrike execution

Malware Config

Extracted

Family

cobaltstrike

C2

http://8.219.229.99:443/api/2

Attributes

user_agent
Host: n0tion.link User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)

Targets

- Target
  
  file.ps1
- Size
  
  3KB
- MD5
  
  cde7890c842abe7894323121fec0ee9e
- SHA1
  
  4f5fb65765e083bbb74bc0e7c7f3003c666db171
- SHA256
  
  1049ec18b411533a89ba65968ebaeade90c0454f8dd0389542aaa5a35c648200
- SHA512
  
  807d15f5c6aab49ed87fb76ee53be60a88d886b3b25406f9440ac487361aa6122e6f1c53333144ea22c8883645c75f0dca8c09ed297011a9c59bca0734eb4f2d
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2