MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada
SHA3-384 hash:	6583f48699fae8f208b4b7b627abf8025d481011fea9e3f24111fd65ee170a42ad1b3b24494a38f8d70f1a76e70f762f
SHA1 hash:	913fca01c50a2be893f26de347cef21f185de49c
MD5 hash:	929382d455868a6037c3a4ff93e81314
humanhash:	ohio-jig-winner-missouri
File name:	qwr.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	1'379'752 bytes
First seen:	2020-07-29 11:41:28 UTC
Last seen:	2020-07-29 13:01:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f0d42366f30ff976d3d577f50e98d196 (1 x CobaltStrike)
ssdeep	6144:+LJeRq3s+SoggtUQg2tHlQNCL0TJd5FjZ0nriipVor1aYtE6gR9KTlkyrcijO:4n3s+3tvdtFCCYV7FjqP81aoblk/ijO
Threatray	72 similar samples on MalwareBazaar
TLSH	DC55180B918B8F2CC6ED51B6F8EAE32E5566D04E1D0B2D6C63ACD1B1B4D35187C80BD9
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Code Signing Certificate

Organisation:	F.A.T. SARL
Issuer:	Sectigo RSA Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	May 27 00:00:00 2020 GMT
Valid to:	May 27 23:59:59 2021 GMT
Serial number:	B649A966410F62999C939384AF553919
MalwareBazaar Blocklist:	This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:	SHA256
Thumbprint:	A0C6CD25E1990C0D03B6EC1AD5A140F2C8014A8C2F1F4F227EE2597DF91A8B6C
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

2

# of downloads :

86

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/34843/

Detection(s):

SecuriteInfo.com.Mal.Gen.13383.19637.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/402457

Signature

Detected unpacking (changes PE section rights)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada/

Threat name:

Win32.Trojan.CobaltStrike

Status:

Malicious

First seen:

2020-07-29 08:19:57 UTC

File Type:

PE (Exe)

AV detection:

34 of 48 (70.83%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=odvonvarkvfqlb7zxq7h47ghkpubxaeggeg4l6ubqhcemmx6dlna._file

Verdict:

malicious

Label(s):

trickbot

Similar samples:

2f72550c99a297558235caa97d025054f70a276283998d9686c282612ebdbea0

34d38e1cf8761561180c63079d63c277b92959359278be8d020391524dece203

389f2000a22e839ddafb28d9cf522b0b71e303e0ae89e5fc2cd5b53ae9256848

3dfb4e7ca12b7176a0cf12edce288b26a970339e6529a0b2dad7114bba0e16c3

4d71f1eab01045de9ae76ea248be7746bad70c12ad977eeb6e8f8e46bbce6395

8668a50a557e2b402d105cd44953bcb7f2a854b34ed6fa89daabe706f809ce32

96c441a2676616cbc2869de5adf4215bdad4603d970f956cc3de927301599257

a68210378135bd42e9a1a8e854fb0cab06f58ffcab9a8583f0654fe9807c5555

e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b

f241b9ad9deb20f65e777ea5349b27ca5c70e74c1ca7d82413bcf0b03b8054c8

+ 62 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/200729-7kxz3lmzsx/

Behaviour

Modifies system certificate store

Malware Config

C2 Extraction:

http://signup-now.com:443/jquery-3.3.1.min.js

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

WanaCrypt0r

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/34843/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample