MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 10



SHA256 hash: 5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57
SHA3-384 hash: a409f089171afdf6d442e32104762cf61da412a1f6dbe836fda76ffe928b833b41f3810d665cdcc67f0223f94775bed0
SHA1 hash: 94d50e567a7df146f5f9475d7b81ea594655f73f
MD5 hash: 1f40bf4ac4a389b0353d748c31eb8f3d
humanhash: hot-ink-echo-wolfram
File name: 5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57.bin
Signature: CobaltStrike
File size: 288'256 bytes
First seen: 2021-07-30 09:21:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep: 6144:NCWJev6dUNXlIkyl5yS8Pj4cKBXM+UD7Z1R8z7cE96JQbW+g/XNaoP:nevSqWkyl5yS8PccKBX/Gf+z7D4
Threatray: 1'042 similar samples on MalwareBazaar
TLSH: T1EB54AE3C79AF6115CF9E1D72B489517CB25227A113FC98681F9FA11D2A230A27BCBC74
Reporter: JAMESWT_WT
Tags: 47.117.141.252 CobaltStrike exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 614
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57.bin
Verdict: No threats detected
Analysis date: 2021-07-30 09:23:02 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: CobaltStrikeBeacon

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: CobaltStrike
Verdict: Malicious

Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj
Score: 76 / 100
Signature:
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Threat name: Win64.Trojan.CobaltStrike
Status: Malicious
First seen: 2021-07-18 19:12:00 UTC
File Type: PE+ (Exe)
AV detection: 37 of 46 (80.43%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike botnet:1359593325 backdoor suricata trojan
Behaviour
Cobaltstrike
suricata: ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
Malware Config
C2 Extraction: http://47.117.141.252:6845/jquery-3.3.1.min.js
Unpacked files
SHA256 hash: 5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57
MD5 hash: 1f40bf4ac4a389b0353d748c31eb8f3d
SHA1 hash: 94d50e567a7df146f5f9475d7b81ea594655f73f
Please note that we are no longer able to provide a coverage score for Virus Total.
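The following Python script is an added example, not code from MalwareBazaar or any of the vendors above. It shows the two checks a responder would typically run from an entry like this: hash a file with the four digests the entry lists and compare each one against the entry, and classify proxy log lines against the extracted C2 URL. The digests and the C2 URL are copied from this entry; the file bytes and the proxy log lines are constructed for the demonstration. The URI path /jquery-3.3.1.min.js is the default GET URI of the jQuery Malleable C2 profile that ships with Cobalt Strike (the Suricata signature name above refers to the same profile), which is why a hit on that path alone is treated as a weak indicator and not proof.

```python
"""Check a file and a proxy log against the indicators in this entry.

Added example; not MalwareBazaar's or any vendor's code. The digests and
the C2 URL are copied from the entry. The file bytes and the log lines used
below are constructed for the example and do not come from the real sample.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the entry above.
ENTRY_HASHES = {
    "md5": "1f40bf4ac4a389b0353d748c31eb8f3d",
    "sha1": "94d50e567a7df146f5f9475d7b81ea594655f73f",
    "sha256": "5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57",
    "sha3_384": "a409f089171afdf6d442e32104762cf61da412a1f6dbe836fda76ffe928b833b41f3810d665cdcc67f0223f94775bed0",
}
ENTRY_C2 = "http://47.117.141.252:6845/jquery-3.3.1.min.js"


def digest_file(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes, expected: dict = ENTRY_HASHES) -> dict:
    """Compare every digest separately.

    A per-algorithm result keeps a partial match visible: MD5 and SHA1 are
    collision-prone, so only a SHA256 or SHA3-384 match should be taken as
    identifying the sample.
    """
    got = digest_file(data)
    return {algo: got[algo] == expected[algo].lower() for algo in expected}


def scan_proxy_log(lines, c2_url: str = ENTRY_C2):
    """Classify proxy log lines against the extracted C2 URL.

    'exact': same host, port and path as the C2 URL.
    'host' : same host and port, different path (any traffic to the C2
             listener is worth a look, whatever the URI).
    'uri'  : same path on another host. /jquery-3.3.1.min.js is the GET URI
             of Cobalt Strike's default jQuery Malleable C2 profile, so this
             is a weak indicator: legitimate CDNs serve that file name too.
    """
    c2 = urlsplit(c2_url)
    c2_port = c2.port or 80
    hits = []
    for line in lines:
        m = re.search(r"\b(?:GET|POST)\s+(\S+)", line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        req_port = req.port or (443 if req.scheme == "https" else 80)
        same_host = req.hostname == c2.hostname and req_port == c2_port
        same_path = req.path == c2.path
        if same_host and same_path:
            hits.append(("exact", line))
        elif same_host:
            hits.append(("host", line))
        elif same_path:
            hits.append(("uri", line))
    return hits


# Constructed proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2021-07-30T09:25:11Z 10.0.0.17 GET http://47.117.141.252:6845/jquery-3.3.1.min.js 200 5543",
    "2021-07-30T09:25:12Z 10.0.0.17 GET https://code.jquery.com/jquery-3.3.1.min.js 200 86927",
    "2021-07-30T09:25:40Z 10.0.0.23 POST http://47.117.141.252:6845/jquery-3.3.2.min.js 200 12",
    "2021-07-30T09:26:01Z 10.0.0.31 GET http://example.com/index.html 200 1270",
]

if __name__ == "__main__":
    import sys
    # Constructed stand-in for a file under investigation; pass a real path as argv[1].
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"MZ constructed, not the sample"
    for algo, ok in matches_entry(data).items():
        print(f"{algo:8s} {'match' if ok else 'no match'}")
    for level, line in scan_proxy_log(SAMPLE_LOG):
        print(f"[{level:5s}] {line}")
```

Run it with a file path to hash a suspect binary; without arguments it hashes a constructed byte string (which matches nothing) and classifies the constructed log lines. The imphash, ssdeep and TLSH values in the entry need third-party packages (pefile, ssdeep, tlsh) and are not covered here; for a lookup by hash on MalwareBazaar itself, the SHA256 is the value to use.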

File information


The table below shows additional information about this malware sample such as delivery method and external references.
