MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 389f2000a22e839ddafb28d9cf522b0b71e303e0ae89e5fc2cd5b53ae9256848. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 6



SHA256 hash: 389f2000a22e839ddafb28d9cf522b0b71e303e0ae89e5fc2cd5b53ae9256848
SHA3-384 hash: c4d6588828de9f87290d5e307382b62101e1bb6ab517bd6d64297d129355094a74eee37d259aee3232f564afb7be7f9b
SHA1 hash: deff0998edcd3c7b43e06bda2f0b93bd46d10bd1
MD5 hash: 9b0af1d42eb9d1e7033a958d5a0870c8
humanhash: beryllium-july-freddie-nevada
File name: 389f2000a22e839ddafb28d9cf522b0b71e303e0ae89e5fc2cd5b53ae9256848
Signature: CobaltStrike
File size: 1'833'920 bytes
First seen: 2020-09-05 06:08:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3625ffc5053fe37581b07f0331444eb9 (3 x CobaltStrike)
ssdeep: 6144:YtYBh8yGtiyB4RHrUzdyDwe3qF7pMkZs3wEC8IjSwwIr08jRgML2slob6:YodWiyB4ledkwqqF+kZT9BSwwItR9Om
TLSH: 39850684196ECE77BCD2B73AF195EE167910207944EFC0902DBCA0FD7DE728A0D0A956
Reporter: JAMESWT_WT
Tags: CobalStrike CobaltStrike Programavimo paslaugos MB

Code Signing Certificate

Organisation: Programavimo paslaugos
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: May 14 00:00:00 2020 GMT
Valid to: May 14 23:59:59 2021 GMT
Serial number: 29128A56E7B3BFB230742591AC8B4718
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: F9FCC798E1FCCEE123034FE9DA9A28283DE48BA7AE20F0C55CE0D36AE4625133
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request

Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2020-06-05 00:46:54 UTC
File Type: PE (Exe)
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: trojan backdoor family:cobaltstrike

Behaviour
Cobaltstrike

Malware Config
C2 Extraction: http://consultane.com:443/jquery-3.3.1.min.js
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
