cobaltstrike | f2d18d164221bb46ad686969fd8e6a22c77e3a04f5f0e40e62de830480614b5c | Triage

Sharing

General

Target

f2d18d164221bb46ad686969fd8e6a22c77e3a04f5f0e40e62de830480614b5c
Size

4.9MB
Sample

240927-kdaqbstcrj
MD5

0669944bdf1dc80190ff481cd19fe05b
SHA1

feea7dbe58976e992dfdc1ddb01153920fe4ac30
SHA256

f2d18d164221bb46ad686969fd8e6a22c77e3a04f5f0e40e62de830480614b5c
SHA512

53033c3031afe9b2611ca5f80adb1a7a830353659d735596060abeb50cc2ccc1673966f0162d407a74df2bea88d4a3a1813ed0db218179522416436bf0e628e8
SSDEEP

98304:WgxozTyb+sX1ZvbeAddJolTlPNs2PKToa1FptF07TUFpMndHUTVuqgKQ+P+o:W8geCsXDjDddJolpPgToa10/UFOnJgTX

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.116.245.63:81/n4Ve

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)

Targets

- Target
  
  f2d18d164221bb46ad686969fd8e6a22c77e3a04f5f0e40e62de830480614b5c
- Size
  
  4.9MB
- MD5
  
  0669944bdf1dc80190ff481cd19fe05b
- SHA1
  
  feea7dbe58976e992dfdc1ddb01153920fe4ac30
- SHA256
  
  f2d18d164221bb46ad686969fd8e6a22c77e3a04f5f0e40e62de830480614b5c
- SHA512
  
  53033c3031afe9b2611ca5f80adb1a7a830353659d735596060abeb50cc2ccc1673966f0162d407a74df2bea88d4a3a1813ed0db218179522416436bf0e628e8
- SSDEEP
  
  98304:WgxozTyb+sX1ZvbeAddJolTlPNs2PKToa1FptF07TUFpMndHUTVuqgKQ+P+o:W8geCsXDjDddJolpPgToa10/UFOnJgTX
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan