cobaltstrike

Sharing

Copy URL

Twitter E-mail

General

Target

sample.zip
Size

164.6MB
Sample

240909-nbxzmavcjp
MD5

9184f812e7551c188005d99e431d3684
SHA1

4f2ca58cd4ca6d012df7f7bfeb5769e4418f63eb
SHA256

e903253b73d3e43e98088dce800bd5fb75c9b2786153c6d0150080c1d002bbb3
SHA512

80c7c2878edba585b63f745e9d7924f3fd0ab72fd3d6a42c348affbced42152b76b0f20ab26ffa9e91b529387a721b00d217e67e43bd74b44e0d60b967c45e96
SSDEEP

3145728:7IJo8sA8wiVpfcFSeiMl00hjqN6M/QChLy5zSrbgpljrPIxPLzqJedD+DC3mb:OoTAUpc4eiruo5DUpl3PoeiyDC36

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

http://:4444YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

http://M1�H��H��H��H��A��H��jAXL��H��A��7g��H1�H��A��8��M1�H1�H��A�t�;��H��H��A�unMa��H�Ġ:1220708680M1�H1�H��A�t�;��H��H��A�unMa��H�Ġ

http://M1�H��H��H��H��A��H��jAXL��H��A��ta��H��@:1220708680H��M1�jAXH��A��_��H�� ^��j@AYh

http://124.222.72.51:4433/fl9R

http://124.222.72.51:4433/TY7y

Attributes

user_agent
h

Extracted

Family

metasploit

Version

windows/download_exec

http://:4444YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

Extracted

Family

metasploit

Version

metasploit_stager

127.0.0.1:4444

Targets

- Target
  
  sample.zip
- Size
  
  164.6MB
- MD5
  
  9184f812e7551c188005d99e431d3684
- SHA1
  
  4f2ca58cd4ca6d012df7f7bfeb5769e4418f63eb
- SHA256
  
  e903253b73d3e43e98088dce800bd5fb75c9b2786153c6d0150080c1d002bbb3
- SHA512
  
  80c7c2878edba585b63f745e9d7924f3fd0ab72fd3d6a42c348affbced42152b76b0f20ab26ffa9e91b529387a721b00d217e67e43bd74b44e0d60b967c45e96
- SSDEEP
  
  3145728:7IJo8sA8wiVpfcFSeiMl00hjqN6M/QChLy5zSrbgpljrPIxPLzqJedD+DC3mb:OoTAUpc4eiruo5DUpl3PoeiyDC36
Score

1^/10
behavioral1 behavioral2
- Target
  
  temp/1.c
- Size
  
  15KB
- MD5
  
  e6d7a29c5f5224235a7bdfff35ab6200
- SHA1
  
  9a3e74303efeadca49bb8e7884a48782ca0fa9a9
- SHA256
  
  0babb210b3a252364147366546f398f4715b7d1816c0389567f235dc68a971d5
- SHA512
  
  8bb6c59d07145d932d772849f697b858226bbad4bd7d23bf20c5931f458c704408bf3ecd2291d742fa66bdd04229fc763af7b26c9de7b43d2401e2ecc7c92b12
- SSDEEP
  
  192:adZ8LZBJ6HolAUgVfaRp8X/4f4yJ9EDB8jCYfJL4c09FyQXTG02yA:aIL/UHPX/KrwB8jCYRL4cCrG6A
Score

3^/10
behavioral3 behavioral4
- Target
  
  temp/1.exe
- Size
  
  19KB
- MD5
  
  5cebc6552eb1d0665391ddbe8a25bfff
- SHA1
  
  5790e528e7a31624698be513cfde41434c00fa08
- SHA256
  
  2d4791c66db346075cc3811dedc19b66cdda13d8deb7ef3c5aa44843e8e61597
- SHA512
  
  6fca698ba55bff41b4b72510d0038a7bbcb73a6e7e4033090ddb2f578b370e330b492bd2c7ee1169ed03b87caff593c23c967994e54f70eed88e337da1649c92
- SSDEEP
  
  192:wV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2bG2IZB0EaFWF8qa1Dojjgi:SqaCF31cix+Dc4zjsq9aoFF46gi
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral5 behavioral6
- Target
  
  temp/123
- Size
  
  22KB
- MD5
  
  4a90040302c33081d5e5df4b10eb7320
- SHA1
  
  851ff8e45f38778d922882029fb99ecd93b4535e
- SHA256
  
  195ad99ee3741dbea5096b771ee195fee091038ad33a57c862aed409a66551b4
- SHA512
  
  a71c30f8ca4919e70ab81b67d09a56b9b332949d7bebe85695665b662811c9f26dcc3578c25a60050d1fa6209ce9de30d212397c787c101e0c30f45b67213aab
- SSDEEP
  
  384:DZ9xrLJ0LqtQ+18CkefO9Z7r+vnsiD663c3YoVjNV:9PC+18CkeG7+UiD6JYYx
Score

1^/10
behavioral7
- Target
  
  temp/CS4.9/CS.lnk
- Size
  
  1KB
- MD5
  
  62d90aa0cd605bc076598c879cd354b5
- SHA1
  
  81f2b92878179b3bf88ab672127318ea869e6bd8
- SHA256
  
  d98a3f001ed12031dc551c60214e796c24cbea18fe16c7918a4bfa1f7506ff5c
- SHA512
  
  9f384bf9d8087078829914b9e57ac670c41b59f1caa9997b867381784109df858792dd3393be3bf59ec7fbe268af27d8a6f0297216b20244d38510aafd7d1802
Score

3^/10
behavioral8 behavioral9
- Target
  
  temp/CS4.9/Cobalt_Strike.bat
- Size
  
  139B
- MD5
  
  223ea4ed52ff6bab8f8c9616c0139e1b
- SHA1
  
  fd05a9fd71565c92ebe3d6eeba017c62868839dd
- SHA256
  
  3c4a434f5d3a7ab2e340d1ab298ab0d0501fb604853c9a57f3fb1bba33050d41
- SHA512
  
  f4847d49816bde174dd838ad95ee987a943fb7d606c83ad7bb43db7a96e8a3e48360027b1d36bbe9e9adc9dab93ed732bc79965c1a3062c9c42239045e183172
Score

1^/10
behavioral10 behavioral11
- Target
  
  temp/CS4.9/Cobalt_Strike.bat.lnk
- Size
  
  984B
- MD5
  
  1f7adcbd98ea973a14535f90387be49c
- SHA1
  
  5cc52ceefee98506a3c3a2f63428c4b309f73764
- SHA256
  
  47c797e34851e1f06c01ce3abec9133292f7036fd5b82300cc9dd07c6106d694
- SHA512
  
  88b6fac11177b8bc4b7a9a58c510a2d3d1de198e169a874f7cdf47ac0019f4e9b4706151c11446e320fae8e1fa1dbff56a5ed230e1e50b3ebdedf812f76c6926
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral12 behavioral13
- Target
  
  temp/CS4.9/Cobalt_Strike.vbs
- Size
  
  80B
- MD5
  
  f1a09f277b7a32831721f27b9dfdac41
- SHA1
  
  5b9790a3a7d309344ea38d29aad11cebd3349d54
- SHA256
  
  62562ce3faf7abea23e0cbe69293e61aa307ddc28d1e3329cf373dc009fc396b
- SHA512
  
  b13f2f18f204ffb190f2d1a70ebe9b2785ea07e45217d5b8a100178dcb27ec2213d1fcb341f1ea6f48e8b8d395ab68e3de3a4f6647c24e8b165027582e1e4f9d
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral14 behavioral15
- Target
  
  temp/CS4.9/Cobalt_Strike.vbs.lnk
- Size
  
  996B
- MD5
  
  d4ae53b544766dceaa964536984b6661
- SHA1
  
  91fed80a71fac872bd50de35ae82508ed52d9a4f
- SHA256
  
  3378f31ad0d7d6e28b7a300ee55d59aad33348822424ffdcf00b0d157fe15160
- SHA512
  
  7a7b9e916814097146407174b815c95a0f3c994bf49bdd99f74e85d9265f99b79c2ce32a412d860856d405cc83d2b2c3cfa54269ffc1041e9dadc35aecbc6587
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral16 behavioral17
- Target
  
  temp/CS4.9/TeamServerImage
- Size
  
  97.9MB
- MD5
  
  e781a4479f7c5a03b2dcfe4bd436366f
- SHA1
  
  bfffc852a3d6e1902e213db5aadef06e09c257f1
- SHA256
  
  db921023bb3682408071790d789412107fa474ad722b94dbc8a99ea703a73d6f
- SHA512
  
  a350607be3b221bc1255164dc547d6528e32a8f5af606d680f8dd3ba30fba8561ee78f3e34aa5a570a0eedde6f3dd8400993c180eeaa7dab7b0932cabfcf75c7
- SSDEEP
  
  1572864:F5srKKj7UQUQ9/Df7RGlntD66qj/jrW2x7W:ArKyf0t+6M3rxC
Score

4^/10

discovery
behavioral18
- Target
  
  temp/CS4.9/c2lint
- Size
  
  192B
- MD5
  
  6b90e50ad27a1f6fbdf31bf0193278c5
- SHA1
  
  c388c34f6a48f9ff8d9bdc05c2fa68adff25bbdd
- SHA256
  
  679e5afb906673973063e166fee88eadd87adb110000b49315e493a1358a6101
- SHA512
  
  131077a900773ab46b2b4cebe02a5c4987c3dc1127a1d71df62268405e29349add7595e077ef9422023945f66b4aa1b61b9f72580916db5a4137b82be65a921a
Score

1^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  temp/CS4.9/cobaltstrike-client.jar
- Size
  
  24.4MB
- MD5
  
  a09b2907278a6452d91ed4dbd9798e38
- SHA1
  
  26cffb1154cd9e50098fa1604df868facd4f9bae
- SHA256
  
  e6625119e4491a1bd42849778816250f4658fac1d5554fd51e5ba67e0b244f56
- SHA512
  
  9454f1ad2e21932e47047812655e7ba53faeccf941d92baa755e24254cb890931455086b3e92d5c644315d584d2e3310a4cc8693cc62d9d0f5ba1dae02c9a74d
- SSDEEP
  
  786432:jXWN48462ATqLG7NnX0EGqIIV7+85uRLben0GS:rXnpUqLAZBIIV7qLa05
Score

1^/10
behavioral23 behavioral24
- Target
  
  temp/CS4.9/uHook.jar
- Size
  
  6KB
- MD5
  
  06b9b13bc41f21352a876eeef93e0533
- SHA1
  
  f9292fe1c74c82dff76d55b5f83bdf933d8af0cc
- SHA256
  
  53ed7abed5ee97f68f135fafddd33b27aa34114acbeac415c1789834ea3ccde6
- SHA512
  
  103942e83058aa7800177fb68ef9f65a9db9d5332eeadf6c259e8a3b5ff630613e02c3d95a10fa7e37b3d00d9751d6cf6e0de56488856b1e4bf34f1d129ec9df
- SSDEEP
  
  192:tnQKa6mOUi66evlNcmJBH+xGQo+pViBTWBy1ZF4:tnPatOJ65cwP9+psBVB4
Score

1^/10
behavioral25 behavioral26
- Target
  
  temp/CS4.9/uploads/CVE-2024-30078.zip
- Size
  
  277KB
- MD5
  
  94d88ed7c854d554681523728830430f
- SHA1
  
  57adb136ef443bc35e80ec3149a20dd06a0c269b
- SHA256
  
  073ab12911a074bce5ce6fa0b9720d6ca0bdf07a1f4f2b00712620e8f10f2008
- SHA512
  
  38b1de20b833ac4f95091940b79506c780fcb946b0c12c188a60004d8f7e6497906fc608d4b93126bfe4feda716a57955b5e81aa6437894fc80d4ac49f7aebb1
- SSDEEP
  
  6144:+5iGD0oWv5BKbSk2GxjAc2r8WvTXIy4g9gJv4XyAj:+5XYoWjKbyGxS4ErI09SwHj
Score

1^/10
behavioral27 behavioral28
- Target
  
  WiFi驱动高危漏洞补丁.exe
- Size
  
  951KB
- MD5
  
  40d889427c3db5dcf479378dcac954c9
- SHA1
  
  e60fe132d8ddffd242f794b3ebbe2f8ab04824ff
- SHA256
  
  030405f03e9152882d7a480cd4af1ae1e60ab5e10a010c4ac98bad7d8b9c05b4
- SHA512
  
  97f2b968621647ca5de8ff99e321f8a3620a808e6b5af0085274a53ec1bbc6310ee7808e4b4f4d831bb18a7c3e78c8fd242f9aa9a276a5d3ac9070f32d7ed862
- SSDEEP
  
  12288:4QwwPAuxstPiXhK3WX89QLkTtgoYfZFV8BxNDCDZc5bP+MZQFVFmh/Z/4ANyB0:4QKuxst/3WugoBNGD9MaNB
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral29 behavioral30
- Target
  
  temp/CS4.9/uploads/WiFi.exe
- Size
  
  951KB
- MD5
  
  40d889427c3db5dcf479378dcac954c9
- SHA1
  
  e60fe132d8ddffd242f794b3ebbe2f8ab04824ff
- SHA256
  
  030405f03e9152882d7a480cd4af1ae1e60ab5e10a010c4ac98bad7d8b9c05b4
- SHA512
  
  97f2b968621647ca5de8ff99e321f8a3620a808e6b5af0085274a53ec1bbc6310ee7808e4b4f4d831bb18a7c3e78c8fd242f9aa9a276a5d3ac9070f32d7ed862
- SSDEEP
  
  12288:4QwwPAuxstPiXhK3WX89QLkTtgoYfZFV8BxNDCDZc5bP+MZQFVFmh/Z/4ANyB0:4QKuxst/3WugoBNGD9MaNB
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Checks computer location settings

Enumerates connected drives

Checks computer location settings

Checks computer location settings

Cobaltstrike

Cobaltstrike

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32