cobaltstrike | fe1269f812ad85a8709ea6b55744dd041544aa778793c1f17b1ba1d001df58bb | Triage

Sharing

General

Target

fe1269f812ad85a8709ea6b55744dd041544aa778793c1f17b1ba1d001df58bb
Size

19KB
Sample

240616-g2wqxswhlk
MD5

89e9a5838bf4fdce3a3c23ef20c3c5ab
SHA1

48e01530efb0d16167c76cc865ff4dc98ce4f4b7
SHA256

fe1269f812ad85a8709ea6b55744dd041544aa778793c1f17b1ba1d001df58bb
SHA512

94e76fefa52052ce5bfc81feb4f029d197b660d23e26bb08348b8ee779d072abef2734a310755a762e58957a1cc4ee2403733f663dbfc7958e26bc43d8e01d85
SSDEEP

192:tV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2+mKI+UWF8qa1Dojjgi:fqaCF31cix+Dc4zjPIMFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://service-dpz9q07g-1304783326.hk.tencentapigw.cn:443/quF1

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)

Targets

- Target
  
  fe1269f812ad85a8709ea6b55744dd041544aa778793c1f17b1ba1d001df58bb
- Size
  
  19KB
- MD5
  
  89e9a5838bf4fdce3a3c23ef20c3c5ab
- SHA1
  
  48e01530efb0d16167c76cc865ff4dc98ce4f4b7
- SHA256
  
  fe1269f812ad85a8709ea6b55744dd041544aa778793c1f17b1ba1d001df58bb
- SHA512
  
  94e76fefa52052ce5bfc81feb4f029d197b660d23e26bb08348b8ee779d072abef2734a310755a762e58957a1cc4ee2403733f663dbfc7958e26bc43d8e01d85
- SSDEEP
  
  192:tV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2+mKI+UWF8qa1Dojjgi:fqaCF31cix+Dc4zjPIMFF46gi
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan