MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd
SHA3-384 hash: 90c0048456d913498439ea014ba393bf9725ae4ac027f6df584abfab15f6451b58bf9a113f0d0000479849dbb3c6bd72
SHA1 hash: 6728fd15f07d9ad65ff218d6653797c6455e61b7
MD5 hash: 14409ca75df0708ee42c2b7b17444e6a
humanhash: seven-west-tango-king
File name:109.92.125.166_stageless.exe.malw
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:251'392 bytes
First seen:2020-07-11 14:35:54 UTC
Last seen:2020-07-11 16:19:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep 6144:vqGdXu6wj0Nc8Qs2QKb0Y34gNTTblgjV:Dlu6QuKb4gNTfijV
Threatray 24 similar samples on MalwareBazaar
TLSH F1349E02F5C08032C1AB127916BB6F321A7DBC7257668A5F7B98CC895FB44C0A73A757
Reporter ov3rflow1
Tags:CobaltStrike malw

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24688/
Detection(s):
SecuriteInfo.com.GenericX.183.27003.12558.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Connection attempt
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd/
Threat name:
Win32.Backdoor.Meterpreter
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 09:05:38 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
45ccf8e379c900f0c7496e4debe1ad4550256f6162383baba5f1344e5d9ca250
CobaltStrike
5199bcc83cf3eb34e56478868237b872fe3795b3ee5b04395ac805a98425801d
CobaltStrike
62d2e3131e68b84b46765a9faa25e2173fa546fd875b99fac3422e7e02a84738
CobaltStrike
690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed
CobaltStrike
73734a1299a26708c8137b3c10bf6f8b78b2881d535451166eaf32a74cf05724
CobaltStrike
990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e
CobaltStrike
b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09
CobaltStrike
ce7fab69a6c10146ac89e121fbe204ca424cd886c4763674eb2e9260b2f6b722
CobaltStrike
d27db19db72691d403d38243719346bca79efb3f81b6c44d9fd3cd9dfff83b9d
CobaltStrike
dc4e1c802da2d466553edf5214995a10c49306b9dd9d87a90385c7f20f29adca
CobaltStrike
+ 14 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike
Link:
https://tria.ge/reports/200711-x2ypeftass/
Behaviour
Cobaltstrike family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ReflectiveLoader
Create hunting rule
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/24688/

Comments