MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8197a053d24a8e909e329029d73d9a4b50f9cac6f479f9b6ea70a76c3a3cbda7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 10



SHA256 hash: 8197a053d24a8e909e329029d73d9a4b50f9cac6f479f9b6ea70a76c3a3cbda7
SHA3-384 hash: e9faea56deb8446340da27f9310a06d742046883fddaa03de4b47dabf139182022f68e4d205271bd46adddcb0ce52049
SHA1 hash: a5d61b3eeed9ba7740a745d36d7a37aa3325048d
MD5 hash: 4f995b5838b83700e709c3138519038f
humanhash: india-cup-island-fourteen
File name: webex.dll
Signature CobaltStrike
File size: 287'232 bytes
First seen: 2022-02-09 10:10:02 UTC
Last seen: 2022-02-09 11:57:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 2c0a6bc02ee688bace98f94945a0de71 (1 x CobaltStrike)
ssdeep 6144:oT4gkm3CXV4H3PVo1oRGB0WRHcAYoOlCHLylwn6blu:BGb3qrB0WSAROaylwe8
Threatray 227 similar samples on MalwareBazaar
TLSH T167547CF7F06A1E8FC12810F51CE68FE07BA3A944109149B4D2C989B9E4D7D74F9993E2
Reporter madjack_red
Tags: CobaltStrike exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 1'137
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
CallSleep
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Cobalt Strike
Verdict: Malicious
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win64.Trojan.CobaltStrike
Status: Malicious
First seen: 2022-02-09 10:25:20 UTC
File Type: PE+ (Dll)
AV detection: 12 of 42 (28.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in Windows directory
Unpacked files
SHA256 hash: 8197a053d24a8e909e329029d73d9a4b50f9cac6f479f9b6ea70a76c3a3cbda7
MD5 hash: 4f995b5838b83700e709c3138519038f
SHA1 hash: a5d61b3eeed9ba7740a745d36d7a37aa3325048d
Malware family: Cobalt Strike
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
