MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1
SHA3-384 hash: 1ec0f6c0070cf0251aab1d6e40e7620785efbd83d1c7f4f84e23bb42aa9684fe19b14885677902324745dc5feae96acd
SHA1 hash: 3cfba4b65925ea397e6c780af61883c3b5269312
MD5 hash: 56d7ae0250296d3cc6a5de3ea0386c32
humanhash: eleven-south-double-india
File name:0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:284'672 bytes
First seen:2021-03-17 12:35:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep 3072:lRVfcmvKwmHE3iM6+sV2VAVztoaC7nzlbfmTkcwlsnO0LJjCdvBcmn7v+A5V28lm:lRvvOESJVXVZoa6zlaw6O0IpvBlD61
Threatray 195 similar samples on MalwareBazaar
TLSH CE54CF6A64231158F48F3C789AE59A79376A5C3ECD1B0D75C97B8A3C993303014FBAD2
Reporter JAMESWT_WT
Tags:CobaltStrike

Intelligence

File Origin
# of uploads :
1
# of downloads :
175
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1
Verdict:
No threats detected
Analysis date:
2021-03-17 12:39:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b314782e-9c4a-4b74-baa1-a0c946be37bd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/124544/
Detection(s):
Win.Trojan.CobaltStrike-7899872-1
Create hunting rule

Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/642225
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1/
Threat name:
Win32.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 00:18:06 UTC
File Type:
PE (Exe)
AV detection:
40 of 47 (85.11%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
10b429dee7953e57c10798ffe22a196f768557cfb34e7fb338310d19cbfa09a6
CobaltStrike
1c330c3c27432b209b502cbb22ed35eaf761366511a95539b3624117d7f6c40c
CobaltStrike
287aae0d0192654d709742977dfb6219856096d8b05cf7592b2adfd96bb2d976
CobaltStrike
8af8a2aa6d8db7a9bf93620814017b5296713963b74aba38eb7a35e62dcb7d3e
CobaltStrike
b261e707e2548a01829a5a01ed2f34025b7dec5c2b5b60fd653b10a86585ae57
CobaltStrike
d963d9065339a7172882cb7ad0d3125f4f56aad05fe6fd05a12d7b3feb1d4f80
CobaltStrike
e844577efbd9d78da8849997491807f1f9d3ae7d7f010363e2c25c6de2687eba
CobaltStrike
f026659380293aebc45bc97cd4aeee19c96e8ae5b88673283f2ed113bed4110f
CobaltStrike
f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f
CobaltStrike
fe6dcf38ecfeb4612ff8c59aa72afad19222bc181464e4b4690f19045bb2f9b5
CobaltStrike
+ 185 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/210317-re3xfs7pbe/
Behaviour
Modifies system certificate store
Cobaltstrike
Malware Config
C2 Extraction:
http://ajax.microsoft.com:443/wp-includes/js/script/indigo-migrate
http://ajax.microsoft.com:443/en-us/p/book-2/8MCPZJJCC98C
http://ajax.microsoft.com:443/en-us/store/api/checkproductinwishlist
Unpacked files
SH256 hash:
0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1
MD5 hash:
56d7ae0250296d3cc6a5de3ea0386c32
SHA1 hash:
3cfba4b65925ea397e6c780af61883c3b5269312
Link:
https://www.unpac.me/results/8fbaca44-ce85-4f11-a56d-f4d999b00ada/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1372162548993294339?s=20
Cape
Cape
https://www.capesandbox.com/analysis/124544/

Comments