MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bc0fdc6b2caf2175c49bfbf735c70e462424aa45cf5d193bd8788eddac08c8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 8



SHA256 hash: 7bc0fdc6b2caf2175c49bfbf735c70e462424aa45cf5d193bd8788eddac08c8c
SHA3-384 hash: 8dcb7fac2826158b50bb499926237cb2c6eabc1f7e9c1a2ad0699ce60c18bcc12ebf4c2108511f16040fb4ac157105e7
SHA1 hash: 97efc5832ec79f0b831b3ad39be20a4e67b438e1
MD5 hash: 5046b4c2a231193546d561943408d4f3
humanhash: butter-pennsylvania-charlie-finch
File name: visa.exe
Signature: CobaltStrike
File size: 17'920 bytes
First seen: 2021-04-09 18:20:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep 192:jDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH4XpP4yQBUbOj6kxiY:jDMAoKz6WtKEj7aBDiy4PbAY
Threatray 52 similar samples on MalwareBazaar
TLSH 19821B7FB60228E9C127D17CC9ED6771ADF27123416B271F2EB8C7302E219794A6D909
Reporter JAMESWT_WT
Tags: CobaltStrike

Intelligence


File Origin
# of uploads: 1
# of downloads: 597
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: visa.exe
Verdict: No threats detected
Analysis date: 2021-04-09 18:21:13 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Connection attempt
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: CobaltStrike
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win64.Backdoor.CobaltStrike
Status: Malicious
First seen: 2021-04-03 21:32:00 UTC
File Type: PE+ (Exe)
AV detection: 38 of 48 (79.17%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Unpacked files
SHA256 hash: 7bc0fdc6b2caf2175c49bfbf735c70e462424aa45cf5d193bd8788eddac08c8c
MD5 hash: 5046b4c2a231193546d561943408d4f3
SHA1 hash: 97efc5832ec79f0b831b3ad39be20a4e67b438e1
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 7bc0fdc6b2caf2175c49bfbf735c70e462424aa45cf5d193bd8788eddac08c8c

(this sample)
