MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f8571d423e2af665fecf616c284491982acd4d3ab59a4ceb0790fa713266376. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 7



SHA256 hash: 2f8571d423e2af665fecf616c284491982acd4d3ab59a4ceb0790fa713266376
SHA3-384 hash: de8e0f0af291652f8b7a5a3ba0776b747e2be4a474ba52df327271db647c99eca6194472a3910375d4b13c4c8d70a393
SHA1 hash: 0da329537c48e05bd23c855873e3f78b97888256
MD5 hash: 04d4a539df2194a467cbfda3e6644775
humanhash: april-finch-pluto-failed
File name: data.exe
Signature CobaltStrike
File size: 284'672 bytes
First seen: 2021-01-25 16:33:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep 6144:bRQV3L4LEbSI6tfwMBGnKdc99evmYSSSSuSSSSx:bw74LEZ6aMBiKdcqmYSSSSuSSSS
Threatray 225 similar samples on MalwareBazaar
TLSH A354ADA794310A8BFDD3953BFC436659AF345087F64D2E01EA4DFC62289112CB4AE21F
Reporter sS55752750
Tags: #cobaltstrike CobaltStrike

Intelligence


File Origin
# of uploads: 1
# of downloads: 274
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: data.exe
Verdict: No threats detected
Analysis date: 2021-01-25 16:27:10 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Creating a file
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.CobaltStrike
Status: Malicious
First seen: 2021-01-25 16:34:06 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Unpacked files
SHA256 hash: 2f8571d423e2af665fecf616c284491982acd4d3ab59a4ceb0790fa713266376
MD5 hash: 04d4a539df2194a467cbfda3e6644775
SHA1 hash: 0da329537c48e05bd23c855873e3f78b97888256
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
