cobaltstrike | 668d364424755476b21ddfdc148e79d93263223b73df335e48a8e0f204c5b851 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

668d364424755476b21ddfdc148e79d93263223b73df335e48a8e0f204c5b851
Size

5.4MB
Sample

240802-2j4n2axhpe
MD5

42637114e60fdd82d27b0c231209f21b
SHA1

f558becc7c4bcb9e37ee90f9218359bc5e44c096
SHA256

668d364424755476b21ddfdc148e79d93263223b73df335e48a8e0f204c5b851
SHA512

9a3833061f2a10eb1cc118830c52b36a185db8a21abf9c0300455f44961a4a9f8e1c5b53100d37d5fc44bb8c98bf6c1442296c0ad39d4864ce81ced5c53a8d47
SSDEEP

98304:UlzHIDRzwnzjbShdj64X7ZFxnZZag1NlnJEHrZN65YeZ96YFzPIaH:UFHa1yzj6dj6aRnzag1naH6qeZVgaH

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.143.198.113:4567/mq2M

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  668d364424755476b21ddfdc148e79d93263223b73df335e48a8e0f204c5b851
- Size
  
  5.4MB
- MD5
  
  42637114e60fdd82d27b0c231209f21b
- SHA1
  
  f558becc7c4bcb9e37ee90f9218359bc5e44c096
- SHA256
  
  668d364424755476b21ddfdc148e79d93263223b73df335e48a8e0f204c5b851
- SHA512
  
  9a3833061f2a10eb1cc118830c52b36a185db8a21abf9c0300455f44961a4a9f8e1c5b53100d37d5fc44bb8c98bf6c1442296c0ad39d4864ce81ced5c53a8d47
- SSDEEP
  
  98304:UlzHIDRzwnzjbShdj64X7ZFxnZZag1NlnJEHrZN65YeZ96YFzPIaH:UFHa1yzj6dj6aRnzag1naH6qeZVgaH
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan