cobaltstrike | 0efa80d9a7031b7d7932f73dfb32adea14ff303cfac64de849a4b7f335e8f06c | Triage

Sharing

General

Target

2024-09-08_ba9cd83e39fb606ecdb053cb2a88a312_ryuk
Size

3.9MB
Sample

240908-a5cnwsvckq
MD5

ba9cd83e39fb606ecdb053cb2a88a312
SHA1

1a504cbb6484585cb898d3cb581bc8c2463a9be0
SHA256

0efa80d9a7031b7d7932f73dfb32adea14ff303cfac64de849a4b7f335e8f06c
SHA512

4872202d9a8b3bba0a7887898ee583f63ab15fc633928c8f55939f19a2419edf580d8b0511d7fadc68ef7a442a43979f9136b79e8792365812aa8cc20972e20c
SSDEEP

98304:kH8CXVPOOwexy2sovq/V/R7d64PtTTbW0mK2ZvfljtitsECcnbHJK:kHt5E2sovq/hRhkm2ZFos2bHk

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://1.116.254.151:8888/Rpc

Attributes

user_agent
Host: outlook.live.com Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)

Targets

- Target
  
  2024-09-08_ba9cd83e39fb606ecdb053cb2a88a312_ryuk
- Size
  
  3.9MB
- MD5
  
  ba9cd83e39fb606ecdb053cb2a88a312
- SHA1
  
  1a504cbb6484585cb898d3cb581bc8c2463a9be0
- SHA256
  
  0efa80d9a7031b7d7932f73dfb32adea14ff303cfac64de849a4b7f335e8f06c
- SHA512
  
  4872202d9a8b3bba0a7887898ee583f63ab15fc633928c8f55939f19a2419edf580d8b0511d7fadc68ef7a442a43979f9136b79e8792365812aa8cc20972e20c
- SSDEEP
  
  98304:kH8CXVPOOwexy2sovq/V/R7d64PtTTbW0mK2ZvfljtitsECcnbHJK:kHt5E2sovq/hRhkm2ZFos2bHk
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2