cobaltstrike | 620a87d359a1a5e22b983e28a8635a0856529991be777416fbc901b02d480c90 | Triage

Submit
Reports

Overview

overview

Static

static

1

14d18dcabd...18.dll

windows7-x64

1

14d18dcabd...18.dll

windows10-2004-x64

Sharing

General

Target

14d18dcabdddbee8881ef43add7c618a_JaffaCakes118
Size

2.0MB
Sample

240627-f3eclathme
MD5

14d18dcabdddbee8881ef43add7c618a
SHA1

e8e2adeced5a50fdf2a8e89c8f157c3062105ec9
SHA256

620a87d359a1a5e22b983e28a8635a0856529991be777416fbc901b02d480c90
SHA512

bf972b451d15c6374107f28633f7dba3caa9c37efdf44cefe9a285c1a24382b1424be5a78d1fde81c0cd72b937cf5516551614b1bd26a7cfc1de2fdbe314e572
SSDEEP

24576:z/59yhjXHuw4DUq6SIQEx+zL5rCWwHawFvDOpfYiCAm+NAW:z3yZgDQBQEx+zL5WWwHFFSSAm+NAW

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

14d18dcabdddbee8881ef43add7c618a_JaffaCakes118.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

14d18dcabdddbee8881ef43add7c618a_JaffaCakes118.dll

Resource

win10v2004-20240226-en

cobaltstrike backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://62.171.141.54:443/static-directory/default.ico

Attributes

user_agent
Connection: close Accept: image/jpeg Accept-Language: en-US User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Targets

- Target
  
  14d18dcabdddbee8881ef43add7c618a_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  14d18dcabdddbee8881ef43add7c618a
- SHA1
  
  e8e2adeced5a50fdf2a8e89c8f157c3062105ec9
- SHA256
  
  620a87d359a1a5e22b983e28a8635a0856529991be777416fbc901b02d480c90
- SHA512
  
  bf972b451d15c6374107f28633f7dba3caa9c37efdf44cefe9a285c1a24382b1424be5a78d1fde81c0cd72b937cf5516551614b1bd26a7cfc1de2fdbe314e572
- SSDEEP
  
  24576:z/59yhjXHuw4DUq6SIQEx+zL5rCWwHawFvDOpfYiCAm+NAW:z3yZgDQBQEx+zL5WWwHFFSSAm+NAW
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy