MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 580cc9e785ffa316f63b39365e7f21a570404fd833046d09e5e132aadde7a4ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	580cc9e785ffa316f63b39365e7f21a570404fd833046d09e5e132aadde7a4ba
SHA3-384 hash:	71bb69d74f5748ca26f5de04378fcadf73438b5898e23917cb603fa4f3d735fa527c0baac8f57eae584f1ed1df2b3bda
SHA1 hash:	7238cf492b49f1207194c7f8f8d88412b24f7b07
MD5 hash:	457104e6823e3c7c6e31acbf00f733f8
humanhash:	quebec-island-white-red
File name:	cobaltstrike_shellcode_1.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	284'160 bytes
First seen:	2020-07-22 11:31:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	6144:5qGdXu6wz0Nc8QswJwdBECcXdDmT/8hKw+dotG0hd+k+7A9I:plu6oZ6dBECcm8cMG0hd+k+0u
Threatray	74 similar samples on MalwareBazaar
TLSH	1454CFE1A5C70DB1D07223F836AFE3B255E991DA2605424633F8C6B9BBC54A42ED53C3
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

97

Origin country :

n/a

Vendor Threat Intelligence

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/31151/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Threat name:

CobaltStrike Metasploit

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/395022

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/580cc9e785ffa316f63b39365e7f21a570404fd833046d09e5e132aadde7a4ba/

Threat name:

Win32.Trojan.Cometer

Status:

Malicious

First seen:

2020-07-22 11:30:46 UTC

File Type:

PE (Exe)

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=lagmtz4f76rrn5r3he3f47zbuvyeat6ygmcg2cpf4ezkvxphus5a._file

Verdict:

malicious

Similar samples:

3eeac52f9036116d189ca4aa82022efc7a764abe9d559129e6b3720cff203fd9

4d8232c8973ec2c528be5f380b9f027a7221023e2b2e774403a8839385b2e197

5e81e0f0aa8ff34a845b62472a3d2a83fa43ee47819dbc841d8004b64ffd79fc

65b353273d5aa143b6ad5fc5ee4af51930ccef9ea96d07345a619f8950d1132d

70e96ab0deb629da68b0af277376f4598c1062064beecedf3ee8d72de0a9b1a1

c69659689b7727a9478bc248fb3395fb487df4542f14503420b750fd64765e35

c98a4e73814c3e5571f7210aa1226cb01e79c98fa5d41ade0b34bb8298f2b09b

e050425e51b6c04333e0b93b6a9e30b454adec91161e010f24c2b2b7be451279

e05f6dab54210a041235191663afd7f296c4733e42d9f09b971a9861bf317df8

ec80dafae2b435962d141d4137ba9e9b84d36c5933828c490d113a88b9c4d2a5

+ 64 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200722-by57hz2gr6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

0.96

Link:

https://yomi.yoroi.company/submissions/580cc9e785ffa316f63b39365e7f21a570404fd833046d09e5e132aadde7a4ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/31151/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample