General

  • Target

    13a29bf4aaa9800fff2b42962a2cf385e66955b52bc0875ddfa77bf7249e958c

  • Size

    104KB

  • Sample

    250520-gkdtsacl3z

  • MD5

    9cb526044768b4f1b421e3687f10d44a

  • SHA1

    c864d03b958dddd064f4faf7e26bb9f7c0274c0b

  • SHA256

    13a29bf4aaa9800fff2b42962a2cf385e66955b52bc0875ddfa77bf7249e958c

  • SHA512

    466244b8e6d5e537e01d66dc3642a9d633ff5712c42958a021bb457a6e59882f78dcc5bee23878f3ce64f925bc4a37692adadc8fec8f70e8f03b1956484460d9

  • SSDEEP

    3072:Vd92LkqfrVw0tH9Y0KJMblI+02glDIwx1E:jELFJhtH+TS4E

Malware Config

  • Extracted

  • Family

    cobaltstrike

  • C2

    http://119.8.59.15:8080/WordPress/api/v2/Search?uuid=96c5f1e1-067b-492e-a38b-4f6280s59121

  • Attributes

    user_agent

    User-Agent: Mozilla/5.0 (iPhone; CPR iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 MicroMessenger/6.0.1 NutType/WIFI

    Note: both values are reproduced exactly as extracted from the beacon. The user agent imitates WeChat's in-app browser on iOS 7, but a genuine string reads "CPU iPhone OS ..." and "NetType/WIFI", not "CPR" and "NutType"; the uuid parameter in the C2 URL also contains a non-hex character ("s"), so it is not a well-formed UUID. Those deviations make the URL and user agent high-fidelity network indicators for this beacon profile.
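The following script is an added example, not part of the sandbox report: it turns the extracted configuration above into a log-hunting check. It matches proxy log lines against the C2 host, port, path and uuid parameter, flags the exact beacon user agent, and, as a looser pivot, flags any WeChat-style user agent carrying the profile's "CPR"/"NutType" typos; it also compares a file's bytes against the hashes listed above. The log layout and the sample lines are constructed for the example.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Indicators copied verbatim from the extracted configuration above.
C2_URL = ("http://119.8.59.15:8080/WordPress/api/v2/Search"
          "?uuid=96c5f1e1-067b-492e-a38b-4f6280s59121")
C2_USER_AGENT = ("Mozilla/5.0 (iPhone; CPR iPhone OS 7_1_2 like Mac OS X) "
                 "AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 "
                 "MicroMessenger/6.0.1 NutType/WIFI")
SAMPLE_HASHES = {
    "md5": "9cb526044768b4f1b421e3687f10d44a",
    "sha1": "c864d03b958dddd064f4faf7e26bb9f7c0274c0b",
    "sha256": "13a29bf4aaa9800fff2b42962a2cf385e66955b52bc0875ddfa77bf7249e958c",
}

_c2 = urlsplit(C2_URL)
C2_HOST, C2_PORT, C2_PATH = _c2.hostname, _c2.port, _c2.path
C2_UUID = parse_qs(_c2.query)["uuid"][0]

# Assumed (constructed) proxy log layout: timestamp, client IP, "METHOD URL", status, "User-Agent".
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: a beacon check-in, genuine WeChat traffic, a probe of the
# C2 host on another path, and a near-miss user agent on an unrelated host.
SAMPLE_LOG = [
    f'2025-05-20T09:14:02Z 10.0.0.7 "GET {C2_URL}" 200 "{C2_USER_AGENT}"',
    '2025-05-20T09:14:05Z 10.0.0.9 "GET https://mp.weixin.qq.com/s" 200 '
    '"Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 '
    '(KHTML, like Gecko) Mobile/11D257 MicroMessenger/6.0.1 NetType/WIFI"',
    '2025-05-20T09:14:09Z 10.0.0.7 "GET http://119.8.59.15:8080/favicon.ico" 404 "curl/8.0"',
    '2025-05-20T09:14:12Z 10.0.0.12 "GET http://198.51.100.10/index.html" 200 '
    '"Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 '
    '(KHTML, like Gecko) Mobile/11D257 MicroMessenger/6.0.1 NutType/WIFI"',
]


def ua_anomalies(ua):
    """Tokens in a WeChat-style iOS user agent that a real client never emits.

    Genuine strings read "CPU iPhone OS ..." and "NetType/..."; this beacon profile
    carries "CPR" and "NutType", so those typos are a cheap, specific pivot.
    """
    found = []
    if "CPR iPhone OS" in ua:
        found.append("CPR instead of CPU")
    if "MicroMessenger" in ua and "NutType/" in ua:
        found.append("NutType instead of NetType")
    return found


def classify(line):
    """Return the list of reasons a log line matches this report's indicators.

    None means the line did not parse; an empty list means it parsed but is clean.
    """
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["url"])
    port = url.port or (443 if url.scheme == "https" else 80)
    reasons = []
    if url.hostname == C2_HOST and port == C2_PORT:
        reasons.append("c2 host:port")
        if url.path == C2_PATH:
            reasons.append("c2 path")
        if C2_UUID in parse_qs(url.query).get("uuid", []):
            reasons.append("c2 uuid")
    if m["ua"] == C2_USER_AGENT:
        reasons.append("exact c2 user-agent")
    else:
        reasons.extend("ua anomaly: " + a for a in ua_anomalies(m["ua"]))
    return reasons


def hunt(lines):
    """Pair every matching line with its reasons; unparsable and clean lines are dropped."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.append((line, reasons))
    return hits


def matches_sample(data):
    """Compare a file's bytes against the hashes listed in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in SAMPLE_HASHES.items()}


if __name__ == "__main__":
    for line, reasons in hunt(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line[:80])
```

A host:port hit without the path is worth keeping as a lower-confidence alert: the same team server often fronts several profiles, and the probe line in the sample shows what that looks like. The user-agent typo heuristic should be scoped to hosts outside your known WeChat CDN ranges before it is promoted to a blocking rule.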

Targets

    • Target

      13a29bf4aaa9800fff2b42962a2cf385e66955b52bc0875ddfa77bf7249e958c

    • Cobaltstrike

      Detected a malicious payload that is part of Cobalt Strike; the beacon configuration recovered from it is listed under Malware Config above.

    • Cobaltstrike family

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

      SetThreadContext redirects execution in another thread and is typical of process injection and hollowing; together with the network request from a blocklisted process it indicates the beacon running inside a host process rather than from its own image.
