cobaltstrike | 500052cb8acffebe5d34d0eba53c84f30d8f6227273661985c654a8f06098532 | Triage

Sharing

General

Target

500052cb8acffebe5d34d0eba53c84f30d8f6227273661985c654a8f06098532
Size

8.5MB
Sample

241122-hbp15a1rcq
MD5

0f023077d71e33d852515fab81709fc9
SHA1

3523a1ce388bd5a88432e81a5de2a75ea82db6d4
SHA256

500052cb8acffebe5d34d0eba53c84f30d8f6227273661985c654a8f06098532
SHA512

009c539faa6ec30b0b2937a973887a0b15794ce0bf09b74250932b7d11e9516e4a29e7d00acb0ee9ba3f25c93a295691cc851a6ba7516b4550fa6ee45bb8246a
SSDEEP

49152:bqXEV5Jf21tKNzJIgxDV/iGKzxFbYrIQc10H9u8:bqXOJf2f2tV/iGKzkno8

Score

10^/10

cobaltstrike backdoor discovery trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Targets

- Target
  
  500052cb8acffebe5d34d0eba53c84f30d8f6227273661985c654a8f06098532
- Size
  
  8.5MB
- MD5
  
  0f023077d71e33d852515fab81709fc9
- SHA1
  
  3523a1ce388bd5a88432e81a5de2a75ea82db6d4
- SHA256
  
  500052cb8acffebe5d34d0eba53c84f30d8f6227273661985c654a8f06098532
- SHA512
  
  009c539faa6ec30b0b2937a973887a0b15794ce0bf09b74250932b7d11e9516e4a29e7d00acb0ee9ba3f25c93a295691cc851a6ba7516b4550fa6ee45bb8246a
- SSDEEP
  
  49152:bqXEV5Jf21tKNzJIgxDV/iGKzxFbYrIQc10H9u8:bqXOJf2f2tV/iGKzkno8
Score

10^/10

cobaltstrike backdoor discovery trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoordiscoverytrojan

behavioral2

cobaltstrikebackdoordiscoverytrojan