cobaltstrike | f2c7edbcc0a2befd4cf637658ed4a173c93b9ddf5edd1a88ea3a8239f1f60152 | Triage

Sharing

General

Target

f2c7edbcc0a2befd4cf637658ed4a173c93b9ddf5edd1a88ea3a8239f1f60152
Size

1.0MB
Sample

240913-q947pstapn
MD5

27da57ee434cf6c69bc7c6beea5944b4
SHA1

aae01efe2197124a58ce5d24a290a3ac5255f661
SHA256

f2c7edbcc0a2befd4cf637658ed4a173c93b9ddf5edd1a88ea3a8239f1f60152
SHA512

01c7369b7bf8311b6eeb1a1cb0042867456b960221f8ff2ea06ba8720fcab317657164c7ae2f744eeb1b6a0c54208b37a6e742772a0b6004d2bed2d16f2cddb4
SSDEEP

12288:fANgFSuTSRzGkAzqclqMBpma/cyxR0lg1xbD+SbDMz1A:Q/1RSkADlbxR0lg1xGSvMz1A

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://157.245.59.80:443/fyE9

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

Targets

- Target
  
  f2c7edbcc0a2befd4cf637658ed4a173c93b9ddf5edd1a88ea3a8239f1f60152
- Size
  
  1.0MB
- MD5
  
  27da57ee434cf6c69bc7c6beea5944b4
- SHA1
  
  aae01efe2197124a58ce5d24a290a3ac5255f661
- SHA256
  
  f2c7edbcc0a2befd4cf637658ed4a173c93b9ddf5edd1a88ea3a8239f1f60152
- SHA512
  
  01c7369b7bf8311b6eeb1a1cb0042867456b960221f8ff2ea06ba8720fcab317657164c7ae2f744eeb1b6a0c54208b37a6e742772a0b6004d2bed2d16f2cddb4
- SSDEEP
  
  12288:fANgFSuTSRzGkAzqclqMBpma/cyxR0lg1xbD+SbDMz1A:Q/1RSkADlbxR0lg1xGSvMz1A
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan