cobaltstrike | a52702996f8f1e5ee4474ce6fca13e5213ed2b0fbab81ab02b55177c1ff39c31 | Triage

Sharing

General

Target

a52702996f8f1e5ee4474ce6fca13e5213ed2b0fbab81ab02b55177c1ff39c31
Size

4.9MB
Sample

240927-qbtnbawelf
MD5

126781eca4a9a2688a6a8381c60fe752
SHA1

fa3be99d991ef1f77c3eeb0c7bfdd08f31823b1e
SHA256

a52702996f8f1e5ee4474ce6fca13e5213ed2b0fbab81ab02b55177c1ff39c31
SHA512

ec9becace9b295a8f51a172a37a81c8a21c02c46a5d5d2dbee5b19c4396efb1ee2e04683122dcfc58b16b9ae709131d1eb42036e7740b7ed5bfb7143c49adc6b
SSDEEP

98304:5IxozTyb+sX1ZvbeAddJolTlPNs2PKToa1FptF07TUFpMndHUTVuqgKQ+P+o:5UgeCsXDjDddJolpPgToa10/UFOnJgTX

Score

10^/10

cobaltstrike backdoor pyinstaller trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.116.245.63:81/n4Ve

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)

Targets

- Target
  
  a52702996f8f1e5ee4474ce6fca13e5213ed2b0fbab81ab02b55177c1ff39c31
- Size
  
  4.9MB
- MD5
  
  126781eca4a9a2688a6a8381c60fe752
- SHA1
  
  fa3be99d991ef1f77c3eeb0c7bfdd08f31823b1e
- SHA256
  
  a52702996f8f1e5ee4474ce6fca13e5213ed2b0fbab81ab02b55177c1ff39c31
- SHA512
  
  ec9becace9b295a8f51a172a37a81c8a21c02c46a5d5d2dbee5b19c4396efb1ee2e04683122dcfc58b16b9ae709131d1eb42036e7740b7ed5bfb7143c49adc6b
- SSDEEP
  
  98304:5IxozTyb+sX1ZvbeAddJolTlPNs2PKToa1FptF07TUFpMndHUTVuqgKQ+P+o:5UgeCsXDjDddJolpPgToa10/UFOnJgTX
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan