cobaltstrike | f3dcf92555004bd3f6ee9b48bcb1f8d6a249828219d18054bbb2a82d8c86a790 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-06-28...uk.exe

windows7-x64

2024-06-28...uk.exe

windows10-2004-x64

Sharing

General

Target

2024-06-28_21cb548b5c4adfd61de94401705c7c7c_cobalt-strike_ryuk
Size

133KB
Sample

240628-3pd61avglb
MD5

21cb548b5c4adfd61de94401705c7c7c
SHA1

f4223a790bba82bb42a93fe6ad3b3fae1a48edb5
SHA256

f3dcf92555004bd3f6ee9b48bcb1f8d6a249828219d18054bbb2a82d8c86a790
SHA512

feaf60fb4a3a1deb09227ab2ff6f749698405df112682a78c20216006b56db2a7e443bb556440953c87c2f95bf3b1023eb79a5d0d56dafdebdbc0c3924744b8b
SSDEEP

3072:QQcN/pB0CKt0dtM9sJUU/Bd+wYj/6oflZ6Bu:/qH0tUkEBY+

Score

10^/10

cobaltstrike backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-06-28_21cb548b5c4adfd61de94401705c7c7c_cobalt-strike_ryuk.exe

Resource

win7-20240419-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-28_21cb548b5c4adfd61de94401705c7c7c_cobalt-strike_ryuk.exe

Resource

win10v2004-20240226-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

cobaltstrike

C2

http://150.158.38.230:443/De05ceda-acc9-4018-8252-d574e1d1e630.zip

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/532.31 (KHTML, like Gecko) Chrome/118.1.3.5 Safari/517.36 Connection: Keep-Alive Host: updatetime.msn.cn

Targets

- Target
  
  2024-06-28_21cb548b5c4adfd61de94401705c7c7c_cobalt-strike_ryuk
- Size
  
  133KB
- MD5
  
  21cb548b5c4adfd61de94401705c7c7c
- SHA1
  
  f4223a790bba82bb42a93fe6ad3b3fae1a48edb5
- SHA256
  
  f3dcf92555004bd3f6ee9b48bcb1f8d6a249828219d18054bbb2a82d8c86a790
- SHA512
  
  feaf60fb4a3a1deb09227ab2ff6f749698405df112682a78c20216006b56db2a7e443bb556440953c87c2f95bf3b1023eb79a5d0d56dafdebdbc0c3924744b8b
- SSDEEP
  
  3072:QQcN/pB0CKt0dtM9sJUU/Bd+wYj/6oflZ6Bu:/qH0tUkEBY+
Score

10^/10

cobaltstrike backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikebackdoortrojan

behavioral2

cobaltstrikebackdoortrojan

© 2018-2024

Terms | Privacy