MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 496af0522abd6667a524a45cd7f5488d9d2c0c4657bb48f3c42237bd3d4ef233. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	496af0522abd6667a524a45cd7f5488d9d2c0c4657bb48f3c42237bd3d4ef233
SHA3-384 hash:	be47d92a0435f180e213c17b4a7dd6ebf7c4006e56025b47b71a078b76503deed574238310b1e1741bc73c1e0c573f9d
SHA1 hash:	bc320cec6ac101eb7a84af69d2a9d38da004ec85
MD5 hash:	2c7d8fb6b21367aed916d34095331d13
humanhash:	blossom-north-paris-thirteen
File name:	1.ps1
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	134'121 bytes
First seen:	2022-04-25 07:30:20 UTC
Last seen:	2022-04-25 07:46:19 UTC
File type:	ps1
MIME type:	text/plain
ssdeep	48:8p54mOZ/RF85rsZgoIdZk2nTP4NoUtfwblJk9BqdbWuMiTygT3T1fx2VtOTtaNbQ:8p54mq/RoH
Threatray	250 similar samples on MalwareBazaar
TLSH	T16ED3015B7ED816D17BF872212A9BB261463E87DF60668306B0DD168173367E9E330CE4
Reporter	JAMESWT_WT
Tags:	CobaltStrike ps1

Intelligence

File Origin

# of uploads :

2

# of downloads :

733

Origin country :

n/a

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

powershell

Link:

https://www.filescan.io/uploads/62664e36a7c29825bf70c14a/reports/7c146682-4396-436b-9a29-ba78a028d57d/overview

Result

Verdict:

UNKNOWN

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/496af0522abd6667a524a45cd7f5488d9d2c0c4657bb48f3c42237bd3d4ef233/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jfvpaurkxvtgpjjeuronp5kirwosydcgk65ur46eei332pko6izq._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

080c2647fb26ac8576014a21591465eba5b0ee03475f70e95bc3a4caa8d3642e

2fe7b81253f7726822e0f6ff1a3bacea73ca2356ca4dcb460493586629961ad0

6cc8e13f66166e615a847f9444a0258b0e7a01fb8e607c49c482b2b4d50cd829

7608d92da7de2b284264bf62c82d0070a328cb70a068a5232f10c849f19b96ac

7920fb3873012f1abef8c2abfb905e53317595874985f24b23fb318b54b1e243

d3f1d658545c3726233e696e3cea4d66d9a515d60f551ea01abfda00552e17da

+ 240 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/220425-jccymabed9/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Blocklisted process makes network request

Cobaltstrike

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/496af0522abd/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.65

Link:

https://yomi.yoroi.company/submissions/496af0522abd6667a524a45cd7f5488d9d2c0c4657bb48f3c42237bd3d4ef233

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample