cobaltstrike | a88bbf9a2a8da7098bf603bf4d7bcba333ba85df1c55f1c7b64d90784f03ab4b | Triage

Sharing

General

Target

a88bbf9a2a8da7098bf603bf4d7bcba333ba85df1c55f1c7b64d90784f03ab4b
Size

1.7MB
Sample

240911-p7p5bs1fqr
MD5

a766db1aee8f908c464778289e38be9c
SHA1

21d82ce41610e6f18f0fb349b74bdedb12e51313
SHA256

a88bbf9a2a8da7098bf603bf4d7bcba333ba85df1c55f1c7b64d90784f03ab4b
SHA512

95ad518a8460e900488990b9d33e88760bd6135064f003310c4c68012697a5cfb914c21572601a5b3a87466c11deead421a6cdbe3f507716ac319a3f19035df9
SSDEEP

49152:qjsaER4TmpxwL+rnS+fNtUoVWvjn5nvR8:csHRMmkLySabxWr5vR8

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.20.93:4444/um1J

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)

Targets

- Target
  
  a88bbf9a2a8da7098bf603bf4d7bcba333ba85df1c55f1c7b64d90784f03ab4b
- Size
  
  1.7MB
- MD5
  
  a766db1aee8f908c464778289e38be9c
- SHA1
  
  21d82ce41610e6f18f0fb349b74bdedb12e51313
- SHA256
  
  a88bbf9a2a8da7098bf603bf4d7bcba333ba85df1c55f1c7b64d90784f03ab4b
- SHA512
  
  95ad518a8460e900488990b9d33e88760bd6135064f003310c4c68012697a5cfb914c21572601a5b3a87466c11deead421a6cdbe3f507716ac319a3f19035df9
- SSDEEP
  
  49152:qjsaER4TmpxwL+rnS+fNtUoVWvjn5nvR8:csHRMmkLySabxWr5vR8
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan