cobaltstrike | ecbbb2801bb4d27db737c96ac45b2a51b449ddd9e2e2af42c1e85b79caa5a5ab | Triage

Sharing

General

Target

SecuriteInfo.com.FileRepMalware.23518.16980.exe
Size

2.3MB
Sample

240928-y7ajbavdkj
MD5

ea94a1fe3c2921313e7ea2b77675c7db
SHA1

dd0388d8bdfd510256f26a8e9efe025fd9381867
SHA256

ecbbb2801bb4d27db737c96ac45b2a51b449ddd9e2e2af42c1e85b79caa5a5ab
SHA512

75faeea680fea9fa1ba1980aceb9f7c85208664d568d3d4a45079eb64fa542228a8f204cd48075af86b6ff25f599e6b186c5965ebb6bc7c19e5e45151b062c81
SSDEEP

49152:9cUopVYb8CZgJEy4YqQD1qywbLTqFPO6KqMvdv2hSfrfX:jByQywfTYm6K7Aq

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://106.14.141.209:8087/hkDF

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Targets

- Target
  
  SecuriteInfo.com.FileRepMalware.23518.16980.exe
- Size
  
  2.3MB
- MD5
  
  ea94a1fe3c2921313e7ea2b77675c7db
- SHA1
  
  dd0388d8bdfd510256f26a8e9efe025fd9381867
- SHA256
  
  ecbbb2801bb4d27db737c96ac45b2a51b449ddd9e2e2af42c1e85b79caa5a5ab
- SHA512
  
  75faeea680fea9fa1ba1980aceb9f7c85208664d568d3d4a45079eb64fa542228a8f204cd48075af86b6ff25f599e6b186c5965ebb6bc7c19e5e45151b062c81
- SSDEEP
  
  49152:9cUopVYb8CZgJEy4YqQD1qywbLTqFPO6KqMvdv2hSfrfX:jByQywfTYm6K7Aq
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan