cobaltstrike | e43dc825d27b68c403e2d9dd7b0a93275c53c7905dcc1b7c307a6a557c8b8a90 | Triage

Sharing

General

Target

e43dc825d27b68c403e2d9dd7b0a93275c53c7905dcc1b7c307a6a557c8b8a90
Size

136KB
Sample

240928-slmc4avdmb
MD5

67a172b0a8116e2c15201b0259f4ee2f
SHA1

15135607edc6bdffbc1dcc323e2a1a7ade0686f6
SHA256

e43dc825d27b68c403e2d9dd7b0a93275c53c7905dcc1b7c307a6a557c8b8a90
SHA512

9e842e3dd69e0114a82ca4fb22fc09d130380a59350ac8d33c94eef887e0ebd1b3c02a84f3244d757516931c6eb234fe049270026398f0e2280cff24d22c7ee3
SSDEEP

3072:x8juuqju/ymR7TP+jQoZvnfScOMwKl0f:xNfju/r7TPaZvn6UOf

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.1.213:1103relaysec001

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAARJS)

Targets

- Target
  
  e43dc825d27b68c403e2d9dd7b0a93275c53c7905dcc1b7c307a6a557c8b8a90
- Size
  
  136KB
- MD5
  
  67a172b0a8116e2c15201b0259f4ee2f
- SHA1
  
  15135607edc6bdffbc1dcc323e2a1a7ade0686f6
- SHA256
  
  e43dc825d27b68c403e2d9dd7b0a93275c53c7905dcc1b7c307a6a557c8b8a90
- SHA512
  
  9e842e3dd69e0114a82ca4fb22fc09d130380a59350ac8d33c94eef887e0ebd1b3c02a84f3244d757516931c6eb234fe049270026398f0e2280cff24d22c7ee3
- SSDEEP
  
  3072:x8juuqju/ymR7TP+jQoZvnfScOMwKl0f:xNfju/r7TPaZvn6UOf
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan