cobaltstrike | 073696fdea0ff9effeb4f7d3cf22719fccba0c69982b514ab970bd0c53dbc774 | Triage

Sharing

General

Target

073696fdea0ff9effeb4f7d3cf22719fccba0c69982b514ab970bd0c53dbc774N
Size

1.3MB
Sample

240922-lrlv7atbmb
MD5

e51ce079bb11888b3b42893f13d1d220
SHA1

07d1eaadad1b51768207cf9796c1ffe6e0240fd0
SHA256

073696fdea0ff9effeb4f7d3cf22719fccba0c69982b514ab970bd0c53dbc774
SHA512

a518ac85f913323e66ac9a6eeb6180e84810c8d167b768352bc21e1f4203945c8a321149bfc62fb294dc14a58058bb25be010b1a2306e1df7c24330d3b355316
SSDEEP

12288:H3sXm99oq60jkgt4HeUIVJKoIIKfWbgbvRKW9zDeWTN7lDh1Z:8yqq60jv8eF0fWbgbv4WYW57z1Z

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://157.245.59.80:8989/COuV

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  073696fdea0ff9effeb4f7d3cf22719fccba0c69982b514ab970bd0c53dbc774N
- Size
  
  1.3MB
- MD5
  
  e51ce079bb11888b3b42893f13d1d220
- SHA1
  
  07d1eaadad1b51768207cf9796c1ffe6e0240fd0
- SHA256
  
  073696fdea0ff9effeb4f7d3cf22719fccba0c69982b514ab970bd0c53dbc774
- SHA512
  
  a518ac85f913323e66ac9a6eeb6180e84810c8d167b768352bc21e1f4203945c8a321149bfc62fb294dc14a58058bb25be010b1a2306e1df7c24330d3b355316
- SSDEEP
  
  12288:H3sXm99oq60jkgt4HeUIVJKoIIKfWbgbvRKW9zDeWTN7lDh1Z:8yqq60jv8eF0fWbgbv4WYW57z1Z
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan