cobaltstrike | 1efe014a5d18b600a6cec18d30ff9f54b5a1df68ad55692dfb3bb1c718fe96ef | Triage

Sharing

General

Target

fcb00be14caec1ba79978e698a8a1800_JaffaCakes118
Size

1.5MB
Sample

240928-twhckavelm
MD5

fcb00be14caec1ba79978e698a8a1800
SHA1

3a6a941e52d2147c16e3385aa7faf813182021bc
SHA256

1efe014a5d18b600a6cec18d30ff9f54b5a1df68ad55692dfb3bb1c718fe96ef
SHA512

651adf119a7a47d895ae23fe9c2cf1a70d60a806b93fe91e2c95310bf0bb62b28c756ef2de8206ca2fc6535372ee6e4bc94d19fb8ba10a3c41b3af9d83d483ef
SSDEEP

12288:yuSDR+82AHSu6Ah9hQ3xSiP/+bmjJzDxtGwRbhOcQEre2EjGn8M5:yQ876Ah9hcxSo/WWNZQGn75

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://:0

http://162.216.47.177:21280/NQNp

http://:21280/NQNp

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Targets

- Target
  
  fcb00be14caec1ba79978e698a8a1800_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  fcb00be14caec1ba79978e698a8a1800
- SHA1
  
  3a6a941e52d2147c16e3385aa7faf813182021bc
- SHA256
  
  1efe014a5d18b600a6cec18d30ff9f54b5a1df68ad55692dfb3bb1c718fe96ef
- SHA512
  
  651adf119a7a47d895ae23fe9c2cf1a70d60a806b93fe91e2c95310bf0bb62b28c756ef2de8206ca2fc6535372ee6e4bc94d19fb8ba10a3c41b3af9d83d483ef
- SSDEEP
  
  12288:yuSDR+82AHSu6Ah9hQ3xSiP/+bmjJzDxtGwRbhOcQEre2EjGn8M5:yQ876Ah9hcxSo/WWNZQGn75
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan