cobaltstrike | ee014b3f73ef1e64af32f01d881b2bb51cf447ecf9158c1bb2c473b14f5134d8 | Triage

Sharing

General

Target

e223aeb6685032017a3feb55fc8a4446_JaffaCakes118
Size

19KB
Sample

240915-k15tzswfjl
MD5

e223aeb6685032017a3feb55fc8a4446
SHA1

5c974b2f6723447ebe0240e0eb601ad4e4948b4e
SHA256

ee014b3f73ef1e64af32f01d881b2bb51cf447ecf9158c1bb2c473b14f5134d8
SHA512

fc02a9fd3db27f3f69913fe9d6098261b435986f8b21b0b6c7fae7d75b5e948c871c280020fe1bb74e46acba093cf95f964454cdffc8ed00d02992125ae28197
SSDEEP

192:LbPLhIofWpw2mobwieDzPIPsXgbGQGfMZAq/V5nnnRZ1eZAqKtljvTNKShh2x48:LD6ofWCTNc5bGQGBMAZ1gfDj8

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://ctteducation.com:443/3bxP

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)

Targets

- Target
  
  e223aeb6685032017a3feb55fc8a4446_JaffaCakes118
- Size
  
  19KB
- MD5
  
  e223aeb6685032017a3feb55fc8a4446
- SHA1
  
  5c974b2f6723447ebe0240e0eb601ad4e4948b4e
- SHA256
  
  ee014b3f73ef1e64af32f01d881b2bb51cf447ecf9158c1bb2c473b14f5134d8
- SHA512
  
  fc02a9fd3db27f3f69913fe9d6098261b435986f8b21b0b6c7fae7d75b5e948c871c280020fe1bb74e46acba093cf95f964454cdffc8ed00d02992125ae28197
- SSDEEP
  
  192:LbPLhIofWpw2mobwieDzPIPsXgbGQGfMZAq/V5nnnRZ1eZAqKtljvTNKShh2x48:LD6ofWCTNc5bGQGBMAZ1gfDj8
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan