MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2bcce439cb511eca635e14943b916e86a121c7062ac978437d2d080a54fff26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 7



SHA256 hash: a2bcce439cb511eca635e14943b916e86a121c7062ac978437d2d080a54fff26
SHA3-384 hash: f0272282ef78e80c30cd46c1a708ae5f5a2680f3efaad12abc91279ebd6a9e31f5400fde7b02e8be8cab2916ad21cfc0
SHA1 hash: 017e62c3134774e2fddd86b09ab47dbd36b9321e
MD5 hash: c1eecf344674d9ea8db134e5d17261a0
humanhash: five-enemy-sixteen-massachusetts
File name: c1eecf344674d9ea8db134e5d17261a0.exe
Signature CobaltStrike
File size: 284'672 bytes
First seen: 2021-02-22 07:24:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep 3072:XRqA1CYo8qguBSXo8Na17AfbLqkrvaNgCl6u8whomY0/Tz:XRsYagQwo8s17NkLBCOwWmPTz
Threatray 236 similar samples on MalwareBazaar
TLSH 5D54CF41CCB53C45EF95463B9AED8735A9BF00C1303D7327CFE59C9A2A4A5D0E864B89
Reporter abuse_ch
Tags: CobaltStrike exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 191
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj
Score: 76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.CobaltStrike
Status: Malicious
First seen: 2021-02-22 07:03:20 UTC
AV detection: 41 of 46 (89.13%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction: http://gig1bits.com:443/mobile-ipad-home
Unpacked files
SHA256 hash: a2bcce439cb511eca635e14943b916e86a121c7062ac978437d2d080a54fff26
MD5 hash: c1eecf344674d9ea8db134e5d17261a0
SHA1 hash: 017e62c3134774e2fddd86b09ab47dbd36b9321e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments