cobaltstrike | 833646741fb5c16509aa2a08b2974d7885f9e2e3b57cd2114ae294f5df97523e | Triage

Sharing

General

Target

833646741fb5c16509aa2a08b2974d7885f9e2e3b57cd2114ae294f5df97523e
Size

1.4MB
Sample

240913-y5m2maxajj
MD5

79435d7e1b5dfaf767540e9306f493dc
SHA1

2b75bdde82428b67f63af6f8e4635c989bd34e29
SHA256

833646741fb5c16509aa2a08b2974d7885f9e2e3b57cd2114ae294f5df97523e
SHA512

e31e64fdbd72d5b05c0a9969f76896dc7970caf78d6f6ad1d4b929a4b6a85a45c15453cdb6a038fbdae1431f17ef31de6f792fb46e4d21ba03d129f6575f577e
SSDEEP

24576:xME3RSbRtlqRRdhQvN5+Wfz8qUU6pFir5E:lEbRIwVfXQFg5E

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://172.31.105.148:80/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  833646741fb5c16509aa2a08b2974d7885f9e2e3b57cd2114ae294f5df97523e
- Size
  
  1.4MB
- MD5
  
  79435d7e1b5dfaf767540e9306f493dc
- SHA1
  
  2b75bdde82428b67f63af6f8e4635c989bd34e29
- SHA256
  
  833646741fb5c16509aa2a08b2974d7885f9e2e3b57cd2114ae294f5df97523e
- SHA512
  
  e31e64fdbd72d5b05c0a9969f76896dc7970caf78d6f6ad1d4b929a4b6a85a45c15453cdb6a038fbdae1431f17ef31de6f792fb46e4d21ba03d129f6575f577e
- SSDEEP
  
  24576:xME3RSbRtlqRRdhQvN5+Wfz8qUU6pFir5E:lEbRIwVfXQFg5E
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan