MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77
SHA3-384 hash: 3cfee3269c2a41cae35b9117b51be8bbc6c0ca7e8b9c8d214c6d510f23a71b64346ab27cd623c75c64a912707ba14fdc
SHA1 hash: fae65a929b80e5c089f392918b631b382ec6e45b
MD5 hash: a1e3e6b9e3d3bf7f66af8e9b650b2f88
humanhash: iowa-cat-golf-violet
File name:0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:12'288 bytes
First seen:2021-03-17 13:25:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:riv0hxq63spYjkH4VYH9gZv2EzNQ5uM22zzELXNXY71CHEsS15Zoc1Pru3:ris7q59H4ydKv2ERQ5AwwjKJCkl1TPC
Threatray 75 similar samples on MalwareBazaar
TLSH 5C42FA3DCD68423FC2B7C23DC9DB8A03F591991B270DEE4A60D773A65923183B99216D
Reporter JAMESWT_WT
Tags:CobaltStrike

Intelligence

File Origin
# of uploads :
1
# of downloads :
601
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77
Verdict:
No threats detected
Analysis date:
2021-03-17 13:25:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2f44605a-a218-493e-94ac-f54fc5731854

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/124564/
Detection(s):
Win.Packed.Dropperx-9832524-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/642286
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77/
Threat name:
ByteCode-MSIL.Backdoor.Meterpreter
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 17:24:00 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
30 of 47 (63.83%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0987cbf31ed36600d0e176b15737104286f5fc52b75798465331629975a34368
CobaltStrike
118ed2b8b1f173f80cf2efd988170d78b876e0af02a10868b4d61aa01bedf1d3
CobaltStrike
2ce0a491dd1a778d1a0beee30cb52bfd3df11262d9783533c931c60484a4adb0
CobaltStrike
3fb0587d38c59d7b15929a1566fafc764271cfe54f1e117e87f02617a112eafa
CobaltStrike
67e4e4eb893a2386e782d4d4c7a44eaf70388cad0bb32f30fa3a06e466f583fd
CobaltStrike
a1d9d1784959597859b70af8479ecb3a5eb577be1bcf10dc2b57fd7beb3ba874
CobaltStrike
c380f48e3d649b6a44b05134108a8c79536f289240e9ed9135e35dadffb6c350
CobaltStrike
ca4b4b00239f166e04f394e397ce99d74129ca1917b8f95a92b8c722c9991832
CobaltStrike
dc6e2fe4208ef45c9131412de032c2b752425b5c0fc37dfecdbb2d0a0ea6263d
CobaltStrike
ec2f156359e30aaf1929dff8f4b97deba32fe642d7fb8a76ba2346605c2d94d0
CobaltStrike
+ 65 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/210317-hqy56lsy36/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Cobaltstrike
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77
MD5 hash:
a1e3e6b9e3d3bf7f66af8e9b650b2f88
SHA1 hash:
fae65a929b80e5c089f392918b631b382ec6e45b
Link:
https://www.unpac.me/results/f6c8f80b-5fd4-4d2d-8185-47572a377b86/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1372173384281391115?s=20
Cape
Cape
https://www.capesandbox.com/analysis/124564/

Comments