cobaltstrike | 9737c963c888d2df3b767ef7c77265c47decabc4b71210146be9e9f81914ecf0 | Triage

Sharing

General

Target

9737c963c888d2df3b767ef7c77265c47decabc4b71210146be9e9f81914ecf0
Size

170KB
Sample

240923-lpnl1axdrh
MD5

1659df083a7e697627f20b552a5c9fbd
SHA1

7cf432254aa37db9635a0397f415b7c5995acb10
SHA256

9737c963c888d2df3b767ef7c77265c47decabc4b71210146be9e9f81914ecf0
SHA512

f7ce3f9dc92f4fe9263db0e1aec174415b6f0f4daa2d725250b688c37ff40081f22d683e7d679e06f3c53ded6f11adcc682faa319629d3c41f389f3984409cd2
SSDEEP

3072:XE72NxospBAIsIrr8WhCdoPl7nhPPpuqXiVeuDVe0QfLf1qCzPk/zUc1jkj:XEaAbIHnI0npuqXK3DM0EtIg/j

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://service-61oc67uo-1327454768.gz.tencentapigw.com.cn:443/Content/js/cookie/jquery.cookie.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)

Targets

- Target
  
  CRYPTSP.dll
- Size
  
  282KB
- MD5
  
  9969eec1d2e99a6535f5fc62b2acc78e
- SHA1
  
  212b0d900473ff811bd6d4f1dbd2a2f732574763
- SHA256
  
  27a1a83fc410bb51c4fa943de18fc93f1081a5703941808e01a12ef176735c4e
- SHA512
  
  9ea50296718ebccc4a9bfcc2fce61e47b74c00febf4f50dd159c4852fbdf4a2fa06cd0fdbdfde653078c4763b8b4917b43499aa671dd2b2ca30029f8c3abeb14
- SSDEEP
  
  6144:e5yKlTiyDU15/TKvqXNBfPmLno+bG+4ohEzP+59:e5ni7//+6feLTGroiK9
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2
- Target
  
  csc.exe
- Size
  
  56KB
- MD5
  
  0d26d99bd550e9b08c9c9d4ce3636df6
- SHA1
  
  9de4dc9e25a14b8fa6c199cf6bfa1df66b19a81b
- SHA256
  
  965bb8e7822d62e4355362aee29031737ab83b22eeb620814e9e3fd7e0f6672a
- SHA512
  
  9448c0c17d7bf78019302c4f62eee591785f5ba5e870f9e0f73f2e82206a2000cfca33ed319f7732ac6ad1373795be94d119363de91d07e4f73a0952694b339b
- SSDEEP
  
  768:FpdhYE3ClRJdWgSH+uXK52qRl2wwH2jsBMtDqxmheMnS1yWbEj:L3ClftSH5w2qXQ2oMtDqxmQMnS8mY
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

behavioral3

behavioral4

cobaltstrikebackdoortrojan