cobaltstrike | 34e30b18fd4482861916227495ef07e817252cc74571e9eb081e71c07118e969 | Triage

Sharing

General

Target

stealer.exe
Size

6.0MB
Sample

240921-jgy2na1fmf
MD5

e59cea939446d6c203b80eb6487d0705
SHA1

c912d930360ffd2bf5ff8d79834474be94d91849
SHA256

34e30b18fd4482861916227495ef07e817252cc74571e9eb081e71c07118e969
SHA512

74dbdc05d267bdb8bcb4088d691eae0cc66f508e4f3bdd5b6b43a26e1f435f1a2a571a3f974f2332c615e342b179de6c379807580ab0fe448b8d907a58fb7c07
SSDEEP

98304:gl6sdECBCgVQWJuhswoYv5eOaVczo0Ahd6y0Naxxv8fqDDAx5rlcgVeRWHtw9ust:gl3/CguWJysVYvsO5oyMxxvjDDAx5rl2

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://209.146.125.199:8889/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  stealer.exe
- Size
  
  6.0MB
- MD5
  
  e59cea939446d6c203b80eb6487d0705
- SHA1
  
  c912d930360ffd2bf5ff8d79834474be94d91849
- SHA256
  
  34e30b18fd4482861916227495ef07e817252cc74571e9eb081e71c07118e969
- SHA512
  
  74dbdc05d267bdb8bcb4088d691eae0cc66f508e4f3bdd5b6b43a26e1f435f1a2a571a3f974f2332c615e342b179de6c379807580ab0fe448b8d907a58fb7c07
- SSDEEP
  
  98304:gl6sdECBCgVQWJuhswoYv5eOaVczo0Ahd6y0Naxxv8fqDDAx5rlcgVeRWHtw9ust:gl3/CguWJysVYvsO5oyMxxvjDDAx5rl2
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan