cobaltstrike | 64ab2904008a9851433e2af1006236edf7c106263011c8a8adc3a85bfeed5ed5 | Triage

Sharing

General

Target

64ab2904008a9851433e2af1006236edf7c106263011c8a8adc3a85bfeed5ed5
Size

1.0MB
Sample

241118-y7qwasvfkq
MD5

bcc2c26b1eb0f312f39b76b6ef09469f
SHA1

407292f93465c2f5fe17e8799ddf377b4739e04e
SHA256

64ab2904008a9851433e2af1006236edf7c106263011c8a8adc3a85bfeed5ed5
SHA512

a2062bb1bd545b18e89a6f57dde9a46e17e7fbb33e194f19df1d6b46ccd4820360f0ac6afd4ee3f3232d40bc9c150fc7dee30176ec230cd2dabf50a215b75a10
SSDEEP

24576:dnOq6K1HpJFhBlXx0bQJDAlgckIaczFsUuRgsIBI:d3vZpJFRJHckIachsr+sIBI

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://calendar.techcloudmedia.com:4433/samlss/contentDoor.gif

Attributes

user_agent
Host: calendar.techcloudmedia.com Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203

Targets

- Target
  
  64ab2904008a9851433e2af1006236edf7c106263011c8a8adc3a85bfeed5ed5
- Size
  
  1.0MB
- MD5
  
  bcc2c26b1eb0f312f39b76b6ef09469f
- SHA1
  
  407292f93465c2f5fe17e8799ddf377b4739e04e
- SHA256
  
  64ab2904008a9851433e2af1006236edf7c106263011c8a8adc3a85bfeed5ed5
- SHA512
  
  a2062bb1bd545b18e89a6f57dde9a46e17e7fbb33e194f19df1d6b46ccd4820360f0ac6afd4ee3f3232d40bc9c150fc7dee30176ec230cd2dabf50a215b75a10
- SSDEEP
  
  24576:dnOq6K1HpJFhBlXx0bQJDAlgckIaczFsUuRgsIBI:d3vZpJFRJHckIachsr+sIBI
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan