MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e
SHA3-384 hash: c7619c2aaf9be317e59eb8a512c2ad640adfd37c73c8356b52af0ccd58c98f5fb1bc020efd2f161b4c4876c2f289cc1a
SHA1 hash: d8ed310e8179b0ed759843429e4dedab78ef4f3e
MD5 hash: c354ad2705debb7a270777acf1574597
humanhash: monkey-three-lima-sink
File name:c354ad2705debb7a270777acf1574597
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:288'256 bytes
First seen:2021-10-03 19:40:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep 6144:aC9f3P6j+F2CwCwVXvGB+WifjQutFchhd9uhz6BEw:Tfiuj/kWiMut4h39BE
Threatray 1'533 similar samples on MalwareBazaar
TLSH T1C354AEC47A22B1A5F5821871F058D19A415FB665D6DC7B246A42E0B8F3383F2F5B2CB3
Reporter zbetcheckin
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
215
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c354ad2705debb7a270777acf1574597
Verdict:
No threats detected
Analysis date:
2021-10-03 19:43:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/66bad269-5917-4590-9e17-eb4c849ab3fe

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
CobaltStrikeBeacon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/194380/
Detection(s):
Win.Trojan.CobaltStrike-9044898-1
Create hunting rule

Win.Trojan.CobaltStrike-7899871-1
Create hunting rule

Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending an HTTP GET request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/615c2f3db95458900cdc63da/reports/8c4e4a6a-f2b1-4a35-ba70-b6aaa7afe011/overview
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ed63f189-27f4-474c-8c1d-d33eb7fc00cc
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/863515
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: CobaltStrike Named Pipe
Uses known network protocols on non-standard ports
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
cobaltstrike
Create hunting rule
Link:
https://mwdb.cert.pl/sample/080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e/
Threat name:
Win64.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-09-25 23:03:23 UTC
AV detection:
38 of 45 (84.44%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6
CobaltStrike
2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c
CobaltStrike
42104ac31fe7ae7328c209007ea71dc3effb183c736a9bddcf86f690fe96df9a
CobaltStrike
5531524151fcf7af36ff08c7f4a1b00c2c8cd409c64ce0bc2fe022973ba16c0a
CobaltStrike
5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57
CobaltStrike
673d8268fd21825ca5f21d8b395cdcede7009b60e540cb36c46f5794626faefb
CobaltStrike
9a7d2b2c96ee9b7b0ddc1665988d935a719f04cdb2b2dd331ec36aa4f6597506
CobaltStrike
+ 1'523 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike botnet:426352781 backdoor trojan
Link:
https://tria.ge/reports/211003-yd4kasfeg7/
Behaviour
Cobaltstrike
Malware Config
C2 Extraction:
http://142.4.123.147:2087/api/3
Unpacked files
SH256 hash:
080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e
MD5 hash:
c354ad2705debb7a270777acf1574597
SHA1 hash:
d8ed310e8179b0ed759843429e4dedab78ef4f3e
Link:
https://www.unpac.me/results/568edb7f-aaf4-422f-a55e-5b051318c5f8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1653239/
Cape
Cape
https://www.capesandbox.com/analysis/194380/

Comments


Avatar
zbet commented on 2021-10-03 19:40:08 UTC

url : hxxp://142.4.123.147/artifact.exe