cobaltstrike | 40bdd17e323e3913fe5b1eab85d3a81cb742d5cfba41ed2ab17f452bb4e0a67e | Triage

Sharing

General

Target

40bdd17e323e3913fe5b1eab85d3a81cb742d5cfba41ed2ab17f452bb4e0a67e
Size

4.9MB
Sample

240927-kcjxlswfne
MD5

a9c5d9931e451767e2e3fb956c397f92
SHA1

11c71c3a7833c3237f95f0a2889160ac8a3b9f13
SHA256

40bdd17e323e3913fe5b1eab85d3a81cb742d5cfba41ed2ab17f452bb4e0a67e
SHA512

ed8dda93aac0277eb42c7f92b99cc77ab6db6daf8761319e6d5b3ee6b710884cd78b5d35b3bb6bc57c1fe6340273ba937575f0b4a27b1fd69c4e67c354aa2f5c
SSDEEP

98304:FpJ8UozTyb+sX1ZvbeAddJolTlPNs2PKToa1FptF07TUFpMndHUTVuqgKQ+P+o:TJbgeCsXDjDddJolpPgToa10/UFOnJgj

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.116.245.63:81/n4Ve

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)

Targets

- Target
  
  40bdd17e323e3913fe5b1eab85d3a81cb742d5cfba41ed2ab17f452bb4e0a67e
- Size
  
  4.9MB
- MD5
  
  a9c5d9931e451767e2e3fb956c397f92
- SHA1
  
  11c71c3a7833c3237f95f0a2889160ac8a3b9f13
- SHA256
  
  40bdd17e323e3913fe5b1eab85d3a81cb742d5cfba41ed2ab17f452bb4e0a67e
- SHA512
  
  ed8dda93aac0277eb42c7f92b99cc77ab6db6daf8761319e6d5b3ee6b710884cd78b5d35b3bb6bc57c1fe6340273ba937575f0b4a27b1fd69c4e67c354aa2f5c
- SSDEEP
  
  98304:FpJ8UozTyb+sX1ZvbeAddJolTlPNs2PKToa1FptF07TUFpMndHUTVuqgKQ+P+o:TJbgeCsXDjDddJolpPgToa10/UFOnJgj
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan