MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2561379ad92527aabb67d7649589e2a3719db5e57f2b451baf57f57258def793. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 8



SHA256 hash: 2561379ad92527aabb67d7649589e2a3719db5e57f2b451baf57f57258def793
SHA3-384 hash: ca94442133b6e0d5a71ec70bcb579c6a617c330ab97b762204a3e6f5f732c9cca81d2ec8c6d806c4e0b1e22a41dbffbd
SHA1 hash: b6af240db979c3a8ec4c242146c492876ba51463
MD5 hash: 02d193a49f50db0e65cecbeea576803c
humanhash: neptune-delta-queen-nitrogen
File name: 2561379ad92527aabb67d7649589e2a3719db5e57f2b451baf57f57258def793
Signature: CobaltStrike
File size: 1'470'400 bytes
First seen: 2020-09-17 07:13:24 UTC
Last seen: 2020-09-17 07:37:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4adbeff4347a624628916d4c4e5fa44e (1 x CobaltStrike)
ssdeep: 12288:gn3s+3tvdtB4XtIKsa9VxMaS1exInobVi:+s+ntBGqC9VZS1exIn+Vi
Threatray: 68 similar samples on MalwareBazaar
TLSH: 2B653907518A9F2CDAED11B6F8EEE72E56B59C0A190B2D0C33ECF575B0B311478816DA
Reporter: JAMESWT_WT
Tags: CobaltStrike, Elite Web Development Ltd., signed

Code Signing Certificate

Organisation: Elite Web Development Ltd.
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: Jul 2 00:00:00 2020 GMT
Valid to: Jul 2 23:59:59 2021 GMT
Serial number: 6CFA5050C819C4ACBB8FA75979688DFF
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: E7241394097402BF9E32C87CADA4BA5E0D1E9923F028683713C2F339F6F59FA9
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 120
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
Sending a UDP request
DNS request
Connection attempt
Sending an HTTP GET request

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file

Result
Threat name: Win32.PUA.CobaltStrikeBeacon
Status: Malicious
First seen: 2020-09-17 03:14:58 UTC
File Type: PE (Exe)
Extracted files: 31
AV detection: 21 of 29 (72.41%)
Threat level: 1/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: trojan backdoor family:cobaltstrike
Behaviour: Cobaltstrike
Malware Config
C2 Extraction:
http://video.oracle.com:80/jquery-3.3.1.min.js
http://marketplace-templates-uat.cp.lenovo.com:80/jquery-3.3.1.min.js
http://repossl.global.cp.lenovo.com:80/jquery-3.3.1.min.js
http://marketplace-templates.cp.lenovo.com:80/jquery-3.3.1.min.js
http://mptemplates.cp.lenovo.com:80/jquery-3.3.1.min.js
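The indicators on this entry, put to work in an added example (this is not MalwareBazaar's or any vendor's code): a Python script that re-computes the four published hashes for a file on disk and reports which ones match, derives the SHA256 thumbprint of a code-signing certificate the way the entry shows it (SHA256 over the DER-encoded certificate) so it can be compared with the blocklisted thumbprint, and turns the extracted C2 URLs into host/URI pairs and Suricata rules. The hash values, thumbprint and URLs are copied from this entry; the Suricata syntax assumes version 5 or later sticky buffers, the sid values are placeholders, and the optional file path argument is the caller's.

```python
"""Triage helpers built from the MalwareBazaar entry above (added example).

  1. confirm whether a file on disk is the listed sample by hashing it with
     every algorithm the entry publishes;
  2. compute the SHA256 thumbprint of a DER-encoded code-signing certificate
     and compare it with the blocklisted one;
  3. turn the extracted beacon C2 URLs into host/URI pairs and Suricata rules.
"""
import hashlib
import sys
from urllib.parse import urlsplit

# Values copied from the entry above.
ENTRY_HASHES = {
    "md5": "02d193a49f50db0e65cecbeea576803c",
    "sha1": "b6af240db979c3a8ec4c242146c492876ba51463",
    "sha256": "2561379ad92527aabb67d7649589e2a3719db5e57f2b451baf57f57258def793",
    "sha3_384": "ca94442133b6e0d5a71ec70bcb579c6a617c330ab97b762204a3e6f5f732c9cc"
                "a81d2ec8c6d806c4e0b1e22a41dbffbd",
}
BLOCKLISTED_CERT_THUMBPRINT = "E7241394097402BF9E32C87CADA4BA5E0D1E9923F028683713C2F339F6F59FA9"
C2_URLS = [
    "http://video.oracle.com:80/jquery-3.3.1.min.js",
    "http://marketplace-templates-uat.cp.lenovo.com:80/jquery-3.3.1.min.js",
    "http://repossl.global.cp.lenovo.com:80/jquery-3.3.1.min.js",
    "http://marketplace-templates.cp.lenovo.com:80/jquery-3.3.1.min.js",
    "http://mptemplates.cp.lenovo.com:80/jquery-3.3.1.min.js",
]


def compute_hashes(data: bytes) -> dict:
    """Lower-case hex digests of `data` with the four algorithms the entry lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def match_entry(data: bytes, expected: dict = ENTRY_HASHES) -> dict:
    """Per-algorithm comparison; every value True means the bytes are this sample."""
    got = compute_hashes(data)
    return {name: got[name] == expected[name].lower() for name in expected}


def cert_thumbprint_sha256(der: bytes) -> str:
    """Thumbprint as shown in the entry: SHA256 over the DER-encoded certificate, upper-case hex."""
    return hashlib.sha256(der).hexdigest().upper()


def is_blocklisted_cert(der: bytes) -> bool:
    return cert_thumbprint_sha256(der) == BLOCKLISTED_CERT_THUMBPRINT


def parse_c2(url: str) -> dict:
    """Split a beacon C2 URL into the fields a network rule keys on."""
    parts = urlsplit(url)
    default_port = 443 if parts.scheme == "https" else 80
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port if parts.port is not None else default_port,
        "uri": parts.path or "/",
    }


def suricata_rules(urls, base_sid: int = 1000001) -> list:
    """One HTTP rule per URL that requires BOTH the Host header and the URI.

    The hosts in this config are Oracle and Lenovo domains, so a host-only
    rule would be noisy; host plus the exact jquery URI is the narrower
    indicator. Placeholder sids (assumption) start at base_sid."""
    rules = []
    for i, url in enumerate(urls):
        c2 = parse_c2(url)
        rules.append(
            "alert http $HOME_NET any -> $EXTERNAL_NET any "
            f'(msg:"CobaltStrike beacon C2 {c2["host"]}{c2["uri"]}"; '
            "flow:established,to_server; "
            f'http.host; content:"{c2["host"]}"; '
            f'http.uri; content:"{c2["uri"]}"; '
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    # Optional argument (assumption): path of a file to compare against the entry.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            result = match_entry(fh.read())
        print("sample match:", all(result.values()), result)
    for rule in suricata_rules(C2_URLS):
        print(rule)
```

Run it with a file path to check that file against the entry; with no argument it only prints the rules. The C2 list is what the beacon is configured to put in its Host header and URL, not evidence about the Oracle or Lenovo domains themselves, which is why the rules pair host and URI instead of matching the host alone.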

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



JAMESWT commented on 2020-09-17 09:07:01 UTC

Reference
https://twitter.com/malwrhunterteam/status/1306490283127955456?s=20