cobaltstrike | 073ab12911a074bce5ce6fa0b9720d6ca0bdf07a1f4f2b00712620e8f10f2008 | Triage

Sharing

General

Target

CVE-2024-30078.zip
Size

277KB
Sample

240910-rb4nysybka
MD5

94d88ed7c854d554681523728830430f
SHA1

57adb136ef443bc35e80ec3149a20dd06a0c269b
SHA256

073ab12911a074bce5ce6fa0b9720d6ca0bdf07a1f4f2b00712620e8f10f2008
SHA512

38b1de20b833ac4f95091940b79506c780fcb946b0c12c188a60004d8f7e6497906fc608d4b93126bfe4feda716a57955b5e81aa6437894fc80d4ac49f7aebb1
SSDEEP

6144:+5iGD0oWv5BKbSk2GxjAc2r8WvTXIy4g9gJv4XyAj:+5XYoWjKbyGxS4ErI09SwHj

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.222.72.51:4433/fl9R

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)

Targets

- Target
  
  WiFi驱动高危漏洞补丁.exe
- Size
  
  951KB
- MD5
  
  40d889427c3db5dcf479378dcac954c9
- SHA1
  
  e60fe132d8ddffd242f794b3ebbe2f8ab04824ff
- SHA256
  
  030405f03e9152882d7a480cd4af1ae1e60ab5e10a010c4ac98bad7d8b9c05b4
- SHA512
  
  97f2b968621647ca5de8ff99e321f8a3620a808e6b5af0085274a53ec1bbc6310ee7808e4b4f4d831bb18a7c3e78c8fd242f9aa9a276a5d3ac9070f32d7ed862
- SSDEEP
  
  12288:4QwwPAuxstPiXhK3WX89QLkTtgoYfZFV8BxNDCDZc5bP+MZQFVFmh/Z/4ANyB0:4QKuxst/3WugoBNGD9MaNB
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan