cobaltstrike | 5ddc170fab8384db816be193ff28f9063583a121822320b736602de5db759eaf | Triage

Sharing

General

Target

5ddc170fab8384db816be193ff28f9063583a121822320b736602de5db759eafN.exe
Size

41KB
Sample

250216-yqerpsxncx
MD5

9afc2b2094ed72c6b17221fc517e4590
SHA1

cf0e649b81086d934c3101cbc621b96e88f07caa
SHA256

5ddc170fab8384db816be193ff28f9063583a121822320b736602de5db759eaf
SHA512

fc9e35d55554486610cacd5666c48c102c0b7714852af13348f60782fb60b508ae752fc66c0da10fd64f5861c257d9a7412c7bff828ed5b7ed3c5de7dd6f2cce
SSDEEP

768:xX4qY61zzS3B0rrN2V0Bicw5RnKd3F1Ts:xX40U0IHnKX1T

Score

10^/10

cobaltstrike backdoor discovery trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.0.131:80/MtXD

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Targets

- Target
  
  5ddc170fab8384db816be193ff28f9063583a121822320b736602de5db759eafN.exe
- Size
  
  41KB
- MD5
  
  9afc2b2094ed72c6b17221fc517e4590
- SHA1
  
  cf0e649b81086d934c3101cbc621b96e88f07caa
- SHA256
  
  5ddc170fab8384db816be193ff28f9063583a121822320b736602de5db759eaf
- SHA512
  
  fc9e35d55554486610cacd5666c48c102c0b7714852af13348f60782fb60b508ae752fc66c0da10fd64f5861c257d9a7412c7bff828ed5b7ed3c5de7dd6f2cce
- SSDEEP
  
  768:xX4qY61zzS3B0rrN2V0Bicw5RnKd3F1Ts:xX40U0IHnKX1T
Score

10^/10

cobaltstrike backdoor trojan discovery
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Cobaltstrike family
  cobaltstrike
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoordiscoverytrojan