cobaltstrike | 0eebc27d925b23220f74e0fc48322b384caac979bd27e7b44014598c6936af40 | Triage

Sharing

General

Target

0eebc27d925b23220f74e0fc48322b384caac979bd27e7b44014598c6936af40
Size

1.5MB
Sample

241119-xrt3cavqap
MD5

30cea38f8f40e0f8ca694114ca545882
SHA1

cf9085c5d6d68975c4801bc318354cd112861213
SHA256

0eebc27d925b23220f74e0fc48322b384caac979bd27e7b44014598c6936af40
SHA512

38abae725b9188db977351751bdb5c58f45a33e0256667c74195aa5593de505b68e7b0459e9ecd41226c727f25e7c2527a7d5841dccc7644086f6b49ab4a7055
SSDEEP

24576:YNIp4evquGx1Edj0z2NCzTFw2XHQMtz0ieCRTobj:YNHE7KTFpxz0ieCO

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://198.181.38.211:80/XlUD

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)

Targets

- Target
  
  0eebc27d925b23220f74e0fc48322b384caac979bd27e7b44014598c6936af40
- Size
  
  1.5MB
- MD5
  
  30cea38f8f40e0f8ca694114ca545882
- SHA1
  
  cf9085c5d6d68975c4801bc318354cd112861213
- SHA256
  
  0eebc27d925b23220f74e0fc48322b384caac979bd27e7b44014598c6936af40
- SHA512
  
  38abae725b9188db977351751bdb5c58f45a33e0256667c74195aa5593de505b68e7b0459e9ecd41226c727f25e7c2527a7d5841dccc7644086f6b49ab4a7055
- SSDEEP
  
  24576:YNIp4evquGx1Edj0z2NCzTFw2XHQMtz0ieCRTobj:YNHE7KTFpxz0ieCO
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan