cobaltstrike | 06e84d4ca066dbe20b4d37686b65493fcef7f085e377af0afe9ec2b4ee57d7e7 | Triage

Sharing

General

Target

06e84d4ca066dbe20b4d37686b65493fcef7f085e377af0afe9ec2b4ee57d7e7
Size

1.3MB
Sample

240918-nkrtzaxgrc
MD5

223aee3f86a178df73c9dda86284ae64
SHA1

f7b2abf596768dacce222927c87312682461458f
SHA256

06e84d4ca066dbe20b4d37686b65493fcef7f085e377af0afe9ec2b4ee57d7e7
SHA512

00915ce54803e540f84265964870203c925f31443eb06f125646edcdd7b0766c30dcaafd7cc0d851776169e8533ef5bbebaf978f29a903a38de25a2683530c24
SSDEEP

24576:hc3K7UhKn4ZzOE3oSNdUXIy6pybLwnYGdqiUqm9W6cZYY1C68xW9idIfH47znynh:1UhhzP3VdUFbGUiUN9W6cZYYL1c+fH4q

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.128.129:8080/XKrH

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)

Targets

- Target
  
  06e84d4ca066dbe20b4d37686b65493fcef7f085e377af0afe9ec2b4ee57d7e7
- Size
  
  1.3MB
- MD5
  
  223aee3f86a178df73c9dda86284ae64
- SHA1
  
  f7b2abf596768dacce222927c87312682461458f
- SHA256
  
  06e84d4ca066dbe20b4d37686b65493fcef7f085e377af0afe9ec2b4ee57d7e7
- SHA512
  
  00915ce54803e540f84265964870203c925f31443eb06f125646edcdd7b0766c30dcaafd7cc0d851776169e8533ef5bbebaf978f29a903a38de25a2683530c24
- SSDEEP
  
  24576:hc3K7UhKn4ZzOE3oSNdUXIy6pybLwnYGdqiUqm9W6cZYY1C68xW9idIfH47znynh:1UhhzP3VdUFbGUiUN9W6cZYYL1c+fH4q
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan