cobaltstrike | 5fdb322fcb6b0236f59c3609e8aeff91a21d7020bd47d3c577cdd1d56cb2c4ce | Triage

Sharing

General

Target

5fdb322fcb6b0236f59c3609e8aeff91a21d7020bd47d3c577cdd1d56cb2c4ce
Size

4.5MB
Sample

240925-l6e17asfme
MD5

6eb0f8cdd3f2708b5fc8bdf2dadca602
SHA1

8e2be55f6ae18e9e091619d632c35f6897784a42
SHA256

5fdb322fcb6b0236f59c3609e8aeff91a21d7020bd47d3c577cdd1d56cb2c4ce
SHA512

6a40ae445e0722e5de5306362904dc663e529c8d69aa9437804476c23de8b37e85ab38ba75404d96062dbc4d79dbd164976aec51b95b7982084fb1b266c2bba5
SSDEEP

98304:/XrHQcsibw8SPLeTtSQo5Z8DERxrfExYzbRKHIrH/92BQ6ZyF:frwcXMHLKy6txWRK+H/926Yy

Score

10^/10

cobaltstrike backdoor discovery pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.14.128:443/u6z8

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)

Targets

- Target
  
  5fdb322fcb6b0236f59c3609e8aeff91a21d7020bd47d3c577cdd1d56cb2c4ce
- Size
  
  4.5MB
- MD5
  
  6eb0f8cdd3f2708b5fc8bdf2dadca602
- SHA1
  
  8e2be55f6ae18e9e091619d632c35f6897784a42
- SHA256
  
  5fdb322fcb6b0236f59c3609e8aeff91a21d7020bd47d3c577cdd1d56cb2c4ce
- SHA512
  
  6a40ae445e0722e5de5306362904dc663e529c8d69aa9437804476c23de8b37e85ab38ba75404d96062dbc4d79dbd164976aec51b95b7982084fb1b266c2bba5
- SSDEEP
  
  98304:/XrHQcsibw8SPLeTtSQo5Z8DERxrfExYzbRKHIrH/92BQ6ZyF:frwcXMHLKy6txWRK+H/926Yy
Score

10^/10

cobaltstrike backdoor discovery trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoordiscoverytrojan

behavioral2

cobaltstrikebackdoordiscoverytrojan