cobaltstrike | 0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e | Triage

Submit
Reports

Overview

overview

Static

static

0f42d6ba81...7e.exe

windows7-x64

0f42d6ba81...7e.exe

windows10-2004-x64

Sharing

General

Target

0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e
Size

13KB
Sample

240916-sab3zsteka
MD5

7c0e7659be1c8c378a4da4ebb8eec6c4
SHA1

f04dc754d52b621e5a4772d4a18b6aa3c1d089ab
SHA256

0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e
SHA512

c497b65a820706e4bb3f748ea761ad737fd2644852e9603e18319fcc6073514114fc1864dda779d4a63bdabb4e7536c6796a77f64893b83b156bfcd53a2f745c
SSDEEP

192:dYFdShBgR1Te4q0FXLl0h8Zswne3Q5tffoWR:OFdSYR1H3XLX6D36R

Score

10^/10

cobaltstrike backdoor persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e.exe

Resource

win7-20240903-en

cobaltstrike backdoor trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e.exe

Resource

win10v2004-20240802-en

cobaltstrike backdoor persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://3.122.237.166:4443/HEbn

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e
- Size
  
  13KB
- MD5
  
  7c0e7659be1c8c378a4da4ebb8eec6c4
- SHA1
  
  f04dc754d52b621e5a4772d4a18b6aa3c1d089ab
- SHA256
  
  0f42d6ba815739d16f265c678f7798865117ae2ee048107cc3859a60956fd87e
- SHA512
  
  c497b65a820706e4bb3f748ea761ad737fd2644852e9603e18319fcc6073514114fc1864dda779d4a63bdabb4e7536c6796a77f64893b83b156bfcd53a2f745c
- SSDEEP
  
  192:dYFdShBgR1Te4q0FXLl0h8Zswne3Q5tffoWR:OFdSYR1H3XLX6D36R
Score

10^/10

cobaltstrike backdoor trojan persistence
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan

© 2018-2025

Terms | Privacy