cobaltstrike | 6e5547cef1780924c004041f9cd56d78a1415a65b77c09a73e2273c1a78ff494 | Triage

Sharing

General

Target

6e5547cef1780924c004041f9cd56d78a1415a65b77c09a73e2273c1a78ff494
Size

19KB
Sample

240909-nnswfaxhjc
MD5

a6720d7cf0af3ca1e57d3d7b7b968592
SHA1

75f6bb221e53ef5e063fff03c97ce67b9616db72
SHA256

6e5547cef1780924c004041f9cd56d78a1415a65b77c09a73e2273c1a78ff494
SHA512

147f8a5985d57b9de79adff0bb4f313adb8dc5af192b66214ef6c583403ed292a26a26c6a0dc7e31a77f0e8106914a772e2b222a1409faaf5fc956fddcc3aeeb
SSDEEP

192:KV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2D6bGWF8qa1Dojjgi:kqaCF31cix+Dc4zjjFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.209.138:8080/y8s9

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)

Targets

- Target
  
  6e5547cef1780924c004041f9cd56d78a1415a65b77c09a73e2273c1a78ff494
- Size
  
  19KB
- MD5
  
  a6720d7cf0af3ca1e57d3d7b7b968592
- SHA1
  
  75f6bb221e53ef5e063fff03c97ce67b9616db72
- SHA256
  
  6e5547cef1780924c004041f9cd56d78a1415a65b77c09a73e2273c1a78ff494
- SHA512
  
  147f8a5985d57b9de79adff0bb4f313adb8dc5af192b66214ef6c583403ed292a26a26c6a0dc7e31a77f0e8106914a772e2b222a1409faaf5fc956fddcc3aeeb
- SSDEEP
  
  192:KV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2D6bGWF8qa1Dojjgi:kqaCF31cix+Dc4zjjFF46gi
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan