cobaltstrike | 21a50932c0a565053426c05ab5d37f6cafe8a822843866733330e8ca333b39e3 | Triage

Sharing

General

Target

21a50932c0a565053426c05ab5d37f6cafe8a822843866733330e8ca333b39e3
Size

19KB
Sample

241125-k3rp5svqaj
MD5

0aa22540bf27bc4a5a129e62a65aa041
SHA1

c0f0c30bd46955aaff9965be5b5e8e6d8e07b1c8
SHA256

21a50932c0a565053426c05ab5d37f6cafe8a822843866733330e8ca333b39e3
SHA512

5709d764d0da87dce377337cf7559701a22042a6734288648229eb2979c83de088efea09c23d6ddfed2cb1773c44ee1a756e099856a4cc20e57697feb6956d43
SSDEEP

192:zV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2JPy5deWF8qa1Dojjgi:dqaCF31cix+Dc4zjCPkFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.88.129:6666/tbEB

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)

Targets

- Target
  
  21a50932c0a565053426c05ab5d37f6cafe8a822843866733330e8ca333b39e3
- Size
  
  19KB
- MD5
  
  0aa22540bf27bc4a5a129e62a65aa041
- SHA1
  
  c0f0c30bd46955aaff9965be5b5e8e6d8e07b1c8
- SHA256
  
  21a50932c0a565053426c05ab5d37f6cafe8a822843866733330e8ca333b39e3
- SHA512
  
  5709d764d0da87dce377337cf7559701a22042a6734288648229eb2979c83de088efea09c23d6ddfed2cb1773c44ee1a756e099856a4cc20e57697feb6956d43
- SSDEEP
  
  192:zV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2JPy5deWF8qa1Dojjgi:dqaCF31cix+Dc4zjCPkFF46gi
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan