cobaltstrike | e001a54068c68d227e280d7f728401fdbb79ce4cc535750bc39d3efe13df00e9 | Triage

Sharing

General

Target

e001a54068c68d227e280d7f728401fdbb79ce4cc535750bc39d3efe13df00e9
Size

5.7MB
Sample

240923-c7pgksthkc
MD5

e8e4eb10fea3cec366166def40ff5d25
SHA1

1943363a2ba96ce07d2eb93c858fab100dcf536a
SHA256

e001a54068c68d227e280d7f728401fdbb79ce4cc535750bc39d3efe13df00e9
SHA512

e7ae07cc8812e8890dcbd27858c4e68766a2c98f19277eac97c090b8c21f01e60cc15e26f5f20234abe5422b5dff3a1d3ddb7a6cdc844907f38fe26df121fb78
SSDEEP

98304:fpl8NlQadjrhmwnb+sX1ZvbeADwOjizwCy5xs3I67ovipACTaPKsyOkTVuqwKD+d:BlvOhRnCsXDjDDwKP5W3I6sKpACTYyOX

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.80.128:1111/CEof

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

Targets

- Target
  
  e001a54068c68d227e280d7f728401fdbb79ce4cc535750bc39d3efe13df00e9
- Size
  
  5.7MB
- MD5
  
  e8e4eb10fea3cec366166def40ff5d25
- SHA1
  
  1943363a2ba96ce07d2eb93c858fab100dcf536a
- SHA256
  
  e001a54068c68d227e280d7f728401fdbb79ce4cc535750bc39d3efe13df00e9
- SHA512
  
  e7ae07cc8812e8890dcbd27858c4e68766a2c98f19277eac97c090b8c21f01e60cc15e26f5f20234abe5422b5dff3a1d3ddb7a6cdc844907f38fe26df121fb78
- SSDEEP
  
  98304:fpl8NlQadjrhmwnb+sX1ZvbeADwOjizwCy5xs3I67ovipACTaPKsyOkTVuqwKD+d:BlvOhRnCsXDjDDwKP5W3I6sKpACTYyOX
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan