MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 7

SHA256 hash: 2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6
SHA3-384 hash: 3cb7eec4202eda7ad954c837e5f6e5b2984a43c0a363895da97f60e82f966731dd39c151268670c6e793d953f6bb2368
SHA1 hash: 30a0877ed734a2f1db8707b0a9f70eb5d4c8a892
MD5 hash: f2f313cfc30ff5593795e4518654fb03
humanhash: blue-blossom-yankee-item
File name: payload.exe
Signature: CobaltStrike
File size: 17'920 bytes
First seen: 2021-02-18 10:29:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep: 192:pDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH4LI/yleBUbOj6kxiY:pDMAoKz6WtKEj7aBDix/yobAY
Threatray: 44 similar samples on MalwareBazaar
TLSH: 0C821B7FB64228E9C12BD178C9EE6771ADF17121416B171F2FB8C7302E21978467D909
Reporter: r3dbU7z
Tags: CobaltStrike exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 504
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
    Connection attempt
    Sending a UDP request
    Launching the default Windows debugger (dwwin.exe)

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature:
    Antivirus / Scanner detection for submitted sample
    Multi AV Scanner detection for submitted file
Behaviour: Behavior Graph (image not included in this entry)
Threat name: Win64.Backdoor.CobaltStrike
Status: Malicious
First seen: 2021-02-18 10:30:08 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour:
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of AdjustPrivilegeToken
    Program crash
    Cobaltstrike
    Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction: http://213.236.64.41:443/2vKj
Unpacked files
SHA256 hash: 2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6
MD5 hash: f2f313cfc30ff5593795e4518654fb03
SHA1 hash: 30a0877ed734a2f1db8707b0a9f70eb5d4c8a892

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments