MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731
SHA3-384 hash:	ae987abb589e25527e0568a65b8b78526f13946ea0af922f332ff14b0e8d421640df62ec865d672ee4e5416f2c46a84d
SHA1 hash:	2db84283f01f4df9928dd0aceb99a87086ed6a5b
MD5 hash:	b8d4b10821e714302d6fc60092934dc5
humanhash:	alpha-october-fish-hot
File name:	055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	288'256 bytes
First seen:	2021-03-11 15:11:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep	6144:KC/cLq32VKR2ooP9Y/vgm78sE9assSXs72qrhNPAB:tcLq3QYHX78BzqI
Threatray	628 similar samples on MalwareBazaar
TLSH	C954BE2322C75B76DDDDAB38758800BCCABBABDC0764CFA1DD71AD4252419C1B5B22C9
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

283

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731

Verdict:

No threats detected

Analysis date:

2021-03-11 15:16:54 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3c84cc0c-00bb-4025-97e7-589c6de199e2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/123834/

Detection(s):

Win.Trojan.CobaltStrike-9044898-1

Win.Trojan.CobaltStrike-7899871-1

Win.Countermeasure.LoaderWinGeneric-9804845-2

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/637007

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731/

Threat name:

Win64.Backdoor.CobaltStrike

Status:

Malicious

First seen:

2021-03-01 04:35:00 UTC

File Type:

PE+ (Exe)

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

03729ae2db20f485c0b83fbf36d2a22d629137deb2032bf972132db9f2805882

4379aad7a920fea59a8f6233f47de514e7ba3783d6ae3c230f458142fa9ae9c3

6543e374acbfe9a3bcfa9a76cb743aaea934c1a1fce7c419b42c27b3fbb1f880

84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252

8fabea95cbfe1da521dfcd7880ec3301a3a32175741680d8c1a8acacc0199eb7

a93eb70cc4152e32cd3a39fda968b2da5ade48453927410a0d520f2d13223d11

bcbd4211108cf3c477de91d78383150e1d30f98d41c372770503eb259a762824

cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c

dbafbe9edfdac67a781756a6970a7341fd5401b0914fff7e3e8136cff0426fc5

f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d

+ 618 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/210311-5wqnkz728j/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://yellow-mountain-cb5f.pza3-bdcb3s.workers.dev:443/jquery-3.3.1.min.js

Unpacked files

SH256 hash:

055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731

MD5 hash:

b8d4b10821e714302d6fc60092934dc5

SHA1 hash:

2db84283f01f4df9928dd0aceb99a87086ed6a5b

Link:

https://www.unpac.me/results/4fd338d4-d909-42a9-98bf-7919b0dfa073/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

CobaltStrike

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731

File information

The table below shows additional information about this malware sample such as delivery method and external references.

X

https://twitter.com/malwrhunterteam/status/1370029176338587657?s=20

Cape

Cape

https://www.capesandbox.com/analysis/123834/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample