cobaltstrike | 96c5bc2d8f5209fc194f7c9fbcb49a40265051c87abcc66bd9f8fcf8c69e75a3 | Triage

Sharing

General

Target

96c5bc2d8f5209fc194f7c9fbcb49a40265051c87abcc66bd9f8fcf8c69e75a3
Size

12KB
Sample

240926-t9mjfaxeqk
MD5

5004d89c777e5d22c5a0b58d84221625
SHA1

a3c3ef420954fec59daad895af12ac1c9e235400
SHA256

96c5bc2d8f5209fc194f7c9fbcb49a40265051c87abcc66bd9f8fcf8c69e75a3
SHA512

5aadbe3344c5d1ef0711e90fb30380d9c046493a84d27765f53f2665306c2f962292504d3776867fbf82d580bd5e7408016a1c2349341d64fe81fe38047344d9
SSDEEP

192:JgK3rbcdWSiCVq1sHfvma6pNqlP07TI+sQ5tfBDvBu6sLCl8:JgK3rfqqC3mavlYssu6sLQ8

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://www.bilibli.mom:80/zzzzx

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) Host: www.bilibli.mom

Targets

- Target
  
  96c5bc2d8f5209fc194f7c9fbcb49a40265051c87abcc66bd9f8fcf8c69e75a3
- Size
  
  12KB
- MD5
  
  5004d89c777e5d22c5a0b58d84221625
- SHA1
  
  a3c3ef420954fec59daad895af12ac1c9e235400
- SHA256
  
  96c5bc2d8f5209fc194f7c9fbcb49a40265051c87abcc66bd9f8fcf8c69e75a3
- SHA512
  
  5aadbe3344c5d1ef0711e90fb30380d9c046493a84d27765f53f2665306c2f962292504d3776867fbf82d580bd5e7408016a1c2349341d64fe81fe38047344d9
- SSDEEP
  
  192:JgK3rbcdWSiCVq1sHfvma6pNqlP07TI+sQ5tfBDvBu6sLCl8:JgK3rfqqC3mavlYssu6sLQ8
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan