MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f4037898d619b3b5f1c9fedd3e3940f46d39a57db2cbf9b4d8238d587fd7168. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 3

Intelligence 3 IOCs YARA 4255 File information Comments

SHA256 hash:	4f4037898d619b3b5f1c9fedd3e3940f46d39a57db2cbf9b4d8238d587fd7168
SHA3-384 hash:	5e9782c721318da83d1dbb8ffc57cf1c9c3910c9ce3f46bb5c5fd26ca0b518bb4645463e3caa7863a0567baef26b1a84
SHA1 hash:	9f56a8645d57928180dcb3cf027d162f38d7a489
MD5 hash:	c1fe783473c42c008d03ef814ebe7e26
humanhash:	yellow-nevada-minnesota-failed
File name:	bg_9e7dd9609e984e01b4909ed937198860.exe.dom_2.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	212'992 bytes
First seen:	2020-04-30 10:06:30 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b4c6fff030479aa3b12625be67bf4914 (122 x Meterpreter, 16 x Metasploit, 4 x CobaltStrike)
ssdeep	3072:TDV9v4AG+W6IdC5409AVeb5yeKOTNJA/1zS0HZ/r0PmZgvtc+UhLx:TDVKQW674vVCyiTXA/lXHJwe
Threatray	1'664 similar samples on MalwareBazaar
TLSH	C7246C8633A410B9ED73913DC6635A06E3B6784613B097CF07A443BAAF1BBD1663D721
Reporter	Anonymous
Tags:	Cobalt Strike

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Tool.MeterPreter-6294292-0

SecuriteInfo.com.Crypt_r.AKH.14258.12458.UNOFFICIAL

Gathering data

Threat name:

Win64.Trojan.Meterpreter

Status:

Malicious

First seen:

2020-04-30 10:36:33 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

080ef9f0362e415d3292125aa97d460f0499b6bec9596e2e580aef1fd7576e07

CobaltStrike

3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443

CobaltStrike

4d71f1eab01045de9ae76ea248be7746bad70c12ad977eeb6e8f8e46bbce6395

CobaltStrike

593d037e9fd467ebe80cb0ff28d22be2dbc0fdaad4d626ee2ad30707d8ea23da

CobaltStrike

9282d409b92e1ebf58829283933edea243f7ccf3b68456139986c7cb5949522d

CobaltStrike

a8241398b22ba3745b460a7a0c39cb9a86ca258b9283901d42e8dab283acb39b

CobaltStrike

d5fce47c9f644b0cd9d392a93e30bbfdc9368d06250263a200708da9f80e4048

CobaltStrike

f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f

CobaltStrike

f9a19835601dc81b94557b0452cbde314a8f856e9d6371b825f39b627dba2949

CobaltStrike

+ 1'654 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ReflectiveLoader Create hunting rule
Description:	Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample