cobaltstrike | a67cd8488bb771c5453b5d1df78d2ae5bb122b6f66d8f93f5bf73f9dbcd18195 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34e63a18c8ff30f75b61e5926420814f_JaffaCakes118
Size

494KB
Sample

240710-qnt5lszgpn
MD5

34e63a18c8ff30f75b61e5926420814f
SHA1

cc47df97086bf632b894e101682a78d42f8c1ba5
SHA256

a67cd8488bb771c5453b5d1df78d2ae5bb122b6f66d8f93f5bf73f9dbcd18195
SHA512

39219f14b035bf5ffec1266598c637a59500315f5facdc5b2f5598fc6dfef33802b7fdff3a38b95908e9ae7b76b964deb582a4c4460e656c5d709b35d193558d
SSDEEP

12288:y3WFuM8pWrrwPShtMnrSeNA9mPBv8OqWRUO:6WRHgSnKSeNyarqWn

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://lionpick.com:443/image-directory/profile.jpg

Attributes

user_agent
Host: mail.ru Connection: close Accept: image/* Accept-Encoding: gzip, br User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Targets

- Target
  
  34e63a18c8ff30f75b61e5926420814f_JaffaCakes118
- Size
  
  494KB
- MD5
  
  34e63a18c8ff30f75b61e5926420814f
- SHA1
  
  cc47df97086bf632b894e101682a78d42f8c1ba5
- SHA256
  
  a67cd8488bb771c5453b5d1df78d2ae5bb122b6f66d8f93f5bf73f9dbcd18195
- SHA512
  
  39219f14b035bf5ffec1266598c637a59500315f5facdc5b2f5598fc6dfef33802b7fdff3a38b95908e9ae7b76b964deb582a4c4460e656c5d709b35d193558d
- SSDEEP
  
  12288:y3WFuM8pWrrwPShtMnrSeNA9mPBv8OqWRUO:6WRHgSnKSeNyarqWn
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan