cobaltstrike | 835f477464eac132d3853bb9fc9269f540ba9542f2cdbaa1c180a49cd1f5c3ac | Triage

Sharing

General

Target

artifact_x64.exe
Size

19KB
Sample

240910-lw7nfsxfmr
MD5

545ec1b3b6d648e9fdf9c08fc8e84a78
SHA1

6188ecf7c3881938ed3d3276fc0f3b3415f8b9d2
SHA256

835f477464eac132d3853bb9fc9269f540ba9542f2cdbaa1c180a49cd1f5c3ac
SHA512

a8047d17b155bb6ab926a93da11676e401d6eab1a6e8b59bd39b395cad99a782af6031e9b59e4d7659e5934fd54fe392c177b90a165d94b53913e99d164b8d9d
SSDEEP

192:rV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2f6IRtWF8qa1Dojjgi:FqaCF31cix+Dc4zjrFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://6.tcp.eu.ngrok.io:17148/X2mf

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)

Targets

- Target
  
  artifact_x64.exe
- Size
  
  19KB
- MD5
  
  545ec1b3b6d648e9fdf9c08fc8e84a78
- SHA1
  
  6188ecf7c3881938ed3d3276fc0f3b3415f8b9d2
- SHA256
  
  835f477464eac132d3853bb9fc9269f540ba9542f2cdbaa1c180a49cd1f5c3ac
- SHA512
  
  a8047d17b155bb6ab926a93da11676e401d6eab1a6e8b59bd39b395cad99a782af6031e9b59e4d7659e5934fd54fe392c177b90a165d94b53913e99d164b8d9d
- SSDEEP
  
  192:rV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2f6IRtWF8qa1Dojjgi:FqaCF31cix+Dc4zjrFF46gi
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan