cobaltstrike | 1fdbb8e905dd0cb68c6c3eb817945c7db92f02b8891af1a0deaf75cbff37d419 | Triage

Sharing

General

Target

3b30be75a36539c7b9f9b4b8fb5c28b0
Size

3KB
Sample

240917-eb7z6atbpk
MD5

3b30be75a36539c7b9f9b4b8fb5c28b0
SHA1

2c4b0f7b6cd8a1932c43ee02d2df3dc9e93a7342
SHA256

1fdbb8e905dd0cb68c6c3eb817945c7db92f02b8891af1a0deaf75cbff37d419
SHA512

ce67a2f854002659d55e31819df0dc93b5872f2e786570c55b0ff242547efb168ee27fe0180bed0837557712861703f23f7db661edf6f36ffaf9a6297d4fef77

Score

10^/10

cobaltstrike execution

Malware Config

Extracted

Family

cobaltstrike

C2

http://91.92.243.205:80/uZV8

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)

Targets

- Target
  
  3b30be75a36539c7b9f9b4b8fb5c28b0
- Size
  
  3KB
- MD5
  
  3b30be75a36539c7b9f9b4b8fb5c28b0
- SHA1
  
  2c4b0f7b6cd8a1932c43ee02d2df3dc9e93a7342
- SHA256
  
  1fdbb8e905dd0cb68c6c3eb817945c7db92f02b8891af1a0deaf75cbff37d419
- SHA512
  
  ce67a2f854002659d55e31819df0dc93b5872f2e786570c55b0ff242547efb168ee27fe0180bed0837557712861703f23f7db661edf6f36ffaf9a6297d4fef77
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2