cobaltstrike | bf2a11710eb16103afbcb200979c9a6de040a9b6d5e77bde5d6a93b5837aa6f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

start_yara.exe

windows7-x64

Sharing

General

Target

start_yara.exee
Size

4.6MB
Sample

240910-j1bepstdmj
MD5

90bacba6d4a481397d3a759f06bf7271
SHA1

bf0c904a0d72981e51ff575272203c03c8e3327a
SHA256

bf2a11710eb16103afbcb200979c9a6de040a9b6d5e77bde5d6a93b5837aa6f1
SHA512

a6582bf8132cd1c3aba5a345e1fb79c255f187b6e68d7ea0dc0c34bd8596ac1462cf97beb5716ef5fd85f09436e61b1c2b03f690f9e7198d8666a3b03c9e4ad7
SSDEEP

98304:VllLJqs6/is/bhFAf5lx7pll23uog6rbre/Zs/z1rzN:VlusXs/bhC17HzD66xs/z1rB

Score

10^/10

cobaltstrike industroyer merlin netfilter netwire remcos snakekeylogger backdoor botnet discovery ics keylogger rat rootkit stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

start_yara.exe

Resource

win7-20240708-en

cobaltstrike industroyer merlin netfilter netwire remcos snakekeylogger backdoor botnet discovery ics keylogger rat rootkit stealer trojan

windows7-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  start_yara.exee
- Size
  
  4.6MB
- MD5
  
  90bacba6d4a481397d3a759f06bf7271
- SHA1
  
  bf0c904a0d72981e51ff575272203c03c8e3327a
- SHA256
  
  bf2a11710eb16103afbcb200979c9a6de040a9b6d5e77bde5d6a93b5837aa6f1
- SHA512
  
  a6582bf8132cd1c3aba5a345e1fb79c255f187b6e68d7ea0dc0c34bd8596ac1462cf97beb5716ef5fd85f09436e61b1c2b03f690f9e7198d8666a3b03c9e4ad7
- SSDEEP
  
  98304:VllLJqs6/is/bhFAf5lx7pll23uog6rbre/Zs/z1rzN:VlusXs/bhC17HzD66xs/z1rB
Score

10^/10

cobaltstrike industroyer merlin netfilter netwire remcos snakekeylogger backdoor botnet discovery ics keylogger rat rootkit stealer trojan
- Cobalt Strike reflective loader
  Detects the reflective loader used by Cobalt Strike.
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Industroyer
  Also known as CrashOverride. Malware framework which targets Industrial Control Systems (ICS) related to power transmission.
  ics industroyer
- Industroyer IEC-104 Module
  Contains strings related to Industroyer module used to communicate with power transmission grids over IEC-104 protocol.
- Merlin
  Merlin is a cross-platform post-exploitation C2 framework written in golang.
  backdoor merlin
- Merlin payload
- NetFilter
  NetFilter is a rootkit first seen in June 2021.
  rootkit netfilter
- NetFilter payload
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikeindustroyermerlinnetfilternetwireremcossnakekeyloggerbackdoorbotnetdiscoveryicskeyloggerratrootkitstealertrojan

© 2018-2024

Terms | Privacy