MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 7



SHA256 hash: 2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37
SHA3-384 hash: 278648756888171a16b652de617fbaa8fdd6abf797dfb56e0ec53add866f2a8edcd8275341ae415932aa3a803fc2bf56
SHA1 hash: 0f31339b779855d6e2f4b1b8fb9782e8071bb081
MD5 hash: ebc3184cbb85123ebff587bba8c4f6ad
humanhash: aspen-king-hamper-nine
File name: 2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37.bin
Signature: CobaltStrike
File size: 287'744 bytes
First seen: 2021-03-04 15:42:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f73cb1b8999c7e79c50459b8e1f144f0 (5 x CobaltStrike)
ssdeep: 6144:mMd/Gfe0iEmfzuB8dLkwnoZlR49Gtvr6:Fd3b3buWSwH96T
Threatray: 725 similar samples on MalwareBazaar
TLSH: B054ADA9830A029BCF8CF6F5BAD57333B423F0EE6CA414C4B166C79CF95825579845B2
Reporter: Arkbird_SOLG
Tags: Cobalt Strike CobaltStrike X64

Intelligence


File Origin
# of uploads: 1
# of downloads: 311
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37.bin
Verdict: No threats detected
Analysis date: 2021-03-04 15:44:10 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 363379. Sample: DF2jAD8YEb.bin. Start date: 04/03/2021. Architecture: WINDOWS. Score: 56. Process tree: loaddll64.exe started cmd.exe, regsvr32.exe and rundll32.exe; cmd.exe started iexplore.exe, which started a second iexplore.exe. The second iexplore.exe contacted tls13.taboola.map.fastly.net (151.101.1.44, port 443, FASTLYUS, United States), geolocation.onetrust.com (104.20.184.68, port 443, CLOUDFLARENETUS, United States) and 8 other IPs or domains.]
Threat name: Win64.Trojan.CobaltStrike
Status: Malicious
First seen: 2021-02-24 18:21:00 UTC
File Type: PE+ (Dll)
AV detection: 39 of 47 (82.98%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Program crash
Unpacked files
SHA256 hash: 2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37
MD5 hash: ebc3184cbb85123ebff587bba8c4f6ad
SHA1 hash: 0f31339b779855d6e2f4b1b8fb9782e8071bb081
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

CobaltStrike

Executable exe 2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37

(this sample)
