cobaltstrike | 66a52de66fee86d212ada38411fedd95b4eba6a3975f7a2ce5f8535ecfefacfb | Triage

Sharing

General

Target

temp.1.exe
Size

68KB
Sample

240928-n55xbsvcrk
MD5

e5852100b1ecba5fce3684062e08ec7f
SHA1

7ffba89c4723c17c111bcca280a2ef673b9a607b
SHA256

66a52de66fee86d212ada38411fedd95b4eba6a3975f7a2ce5f8535ecfefacfb
SHA512

1a9dda95a83bae8cba67f35a46458da00742681185602b38bf82aca90befb70332ff46a1a9e6a59d0d7e4c9a1a1505f3bc86e42d29dcd5c626fa683d05e50ae9
SSDEEP

1536:80UVLhHOnhCk96KN/ysvrS1MSNefO8DtVN:8DBC7hNasrS1MSNeftDt

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://sertificationgameconnect.xyz:8443/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  temp.1.exe
- Size
  
  68KB
- MD5
  
  e5852100b1ecba5fce3684062e08ec7f
- SHA1
  
  7ffba89c4723c17c111bcca280a2ef673b9a607b
- SHA256
  
  66a52de66fee86d212ada38411fedd95b4eba6a3975f7a2ce5f8535ecfefacfb
- SHA512
  
  1a9dda95a83bae8cba67f35a46458da00742681185602b38bf82aca90befb70332ff46a1a9e6a59d0d7e4c9a1a1505f3bc86e42d29dcd5c626fa683d05e50ae9
- SSDEEP
  
  1536:80UVLhHOnhCk96KN/ysvrS1MSNefO8DtVN:8DBC7hNasrS1MSNeftDt
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan