cobaltstrike | 97577bc0d54361d2b6c8edecf01b9cd4f244c54a268c24974316c0a7b9ed5d4f | Triage

Sharing

General

Target

97577bc0d54361d2b6c8edecf01b9cd4f244c54a268c24974316c0a7b9ed5d4f
Size

5.7MB
Sample

240923-yx578stbmg
MD5

0526dcde2777b9cc3ea6faee9bf98532
SHA1

be44319443e37f4de45d2953a51a3ad541ce9509
SHA256

97577bc0d54361d2b6c8edecf01b9cd4f244c54a268c24974316c0a7b9ed5d4f
SHA512

e9d2ccaa513cf4d0659cd21d42e26c3c771191685cc3c167a5251d687607995093789a236e60f66644acbe2a94286b961154fe4f403f64a84997885d77e0c214
SSDEEP

98304:ypR8AlQadjrhmwnb+sX1ZvbeADwOjizwCy5xs3I67ovipACTaPKsyOCTVuqUKQ+d:cR2OhRnCsXDjDDwKP5W3I6sKpACTYyOm

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.80.128:1111/CEof

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

Targets

- Target
  
  97577bc0d54361d2b6c8edecf01b9cd4f244c54a268c24974316c0a7b9ed5d4f
- Size
  
  5.7MB
- MD5
  
  0526dcde2777b9cc3ea6faee9bf98532
- SHA1
  
  be44319443e37f4de45d2953a51a3ad541ce9509
- SHA256
  
  97577bc0d54361d2b6c8edecf01b9cd4f244c54a268c24974316c0a7b9ed5d4f
- SHA512
  
  e9d2ccaa513cf4d0659cd21d42e26c3c771191685cc3c167a5251d687607995093789a236e60f66644acbe2a94286b961154fe4f403f64a84997885d77e0c214
- SSDEEP
  
  98304:ypR8AlQadjrhmwnb+sX1ZvbeADwOjizwCy5xs3I67ovipACTaPKsyOCTVuqUKQ+d:cR2OhRnCsXDjDDwKP5W3I6sKpACTYyOm
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan