cobaltstrike | 0abffe828d2eb7e3afd05070cd31f109e85279619df66f536fcd0ad0e42cc315 | Triage

Sharing

General

Target

0abffe828d2eb7e3afd05070cd31f109e85279619df66f536fcd0ad0e42cc315
Size

14KB
Sample

240916-vyqx6azgjl
MD5

3d190541758e0f39bbe43700e8445d9f
SHA1

72d168679f3bc5977b7cf8dd81e712bae4c64b83
SHA256

0abffe828d2eb7e3afd05070cd31f109e85279619df66f536fcd0ad0e42cc315
SHA512

2fc3a2c89325842b3c019fba36fa4389e3312f6ac955939550776319ce017b8480941406c8a7994e9e86a9335bc78927140fec57779b5fcb9d5fd9c32e2478f6
SSDEEP

192:wO8CyIeAUKLeADlDp16N8feKr0h8syciISeKX83e3Q5tfgo7:wvueA/Lv/16+GKlsycVKN3c

Score

10^/10

cobaltstrike backdoor persistence trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://3.122.237.166:4443/HEbn

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  0abffe828d2eb7e3afd05070cd31f109e85279619df66f536fcd0ad0e42cc315
- Size
  
  14KB
- MD5
  
  3d190541758e0f39bbe43700e8445d9f
- SHA1
  
  72d168679f3bc5977b7cf8dd81e712bae4c64b83
- SHA256
  
  0abffe828d2eb7e3afd05070cd31f109e85279619df66f536fcd0ad0e42cc315
- SHA512
  
  2fc3a2c89325842b3c019fba36fa4389e3312f6ac955939550776319ce017b8480941406c8a7994e9e86a9335bc78927140fec57779b5fcb9d5fd9c32e2478f6
- SSDEEP
  
  192:wO8CyIeAUKLeADlDp16N8feKr0h8syciISeKX83e3Q5tfgo7:wvueA/Lv/16+GKlsycVKN3c
Score

10^/10

cobaltstrike backdoor trojan persistence
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoorpersistencetrojan