cobaltstrike | 16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385 | Triage

Sharing

General

Target

16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385
Size

1.5MB
Sample

240923-z2zrpazgrk
MD5

1b40dfbf145b17af8e5b9c32bcfb1ced
SHA1

2a5625805202ce20b08082650a832c5387b06a5b
SHA256

16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385
SHA512

257f8c4d3469c2d9b6e8aaf69b6224d05b4e5a99acc9776905824940b895ab44621ec764e5912279192398dcdfe6a7c59ccd6b5512740a6e0f5d184603f412f2
SSDEEP

24576:9hOrAH5Z2GGx9oPNqHs6UkM1ShTYgtrKL0vHM/b1v:9hGGU9cNqOCYgtrsGHM/b1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.153.132:8089/WWMb

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)

Targets

- Target
  
  16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385
- Size
  
  1.5MB
- MD5
  
  1b40dfbf145b17af8e5b9c32bcfb1ced
- SHA1
  
  2a5625805202ce20b08082650a832c5387b06a5b
- SHA256
  
  16a29e3a6bd80c7e96626fd6ccb3ff1a037b69fc4c63dad966911192ed78c385
- SHA512
  
  257f8c4d3469c2d9b6e8aaf69b6224d05b4e5a99acc9776905824940b895ab44621ec764e5912279192398dcdfe6a7c59ccd6b5512740a6e0f5d184603f412f2
- SSDEEP
  
  24576:9hOrAH5Z2GGx9oPNqHs6UkM1ShTYgtrKL0vHM/b1v:9hGGU9cNqOCYgtrsGHM/b1
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan