MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b
SHA3-384 hash: 5c6bbe93da847aac9af9eb19ab20bfcfc7829169241c2e6775bd9b91a4a48e3a7ae30f66147a1a7f049b08178f3638ca
SHA1 hash: 4633a9483b0db5923676190c199fceb9abc8a559
MD5 hash: dbd9daa5792cca9caa4a6278617f82d9
humanhash: carbon-foxtrot-single-cold
File name:a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:17'920 bytes
First seen:2021-03-11 08:06:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep 192:NDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH46CKfBjYBUbOj6kxiY:NDMAoKz6WtKEj7aBDigKZjYbAY
Threatray 46 similar samples on MalwareBazaar
TLSH 46821A7FB64224E9C12BD178C9EA6771ADF2B423416B271F2AB8C7302E20979453D909
Reporter JAMESWT_WT
Tags:65.49.201.116 Cobalt Strike CobaltStrike

Intelligence

File Origin
# of uploads :
1
# of downloads :
589
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b
Verdict:
No threats detected
Analysis date:
2021-03-11 08:09:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6438ef27-6de9-4d74-9f52-24fea3fcdee0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/123752/
Detection(s):
Win.Trojan.CobaltStrike-9044898-1
Create hunting rule

Win.Trojan.CobaltStrike-7899871-1
Create hunting rule

Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/636579
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b/
Threat name:
Win64.Backdoor.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-03-04 12:22:53 UTC
File Type:
PE+ (Exe)
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0987cbf31ed36600d0e176b15737104286f5fc52b75798465331629975a34368
CobaltStrike
2738a5551efd8282120f471d8717d174d356cdf5ce74441b9941df3fe8f28e37
CobaltStrike
2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6
CobaltStrike
2b37d1cc352523550bc54e25ed9d5c6f4924f597d006a854e5f4336f0251163e
CobaltStrike
2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c
CobaltStrike
86ecb5b31182eb2fd094398cbc5a7f3d20aa6a661a733294009d14cd7ba19224
CobaltStrike
9a7d2b2c96ee9b7b0ddc1665988d935a719f04cdb2b2dd331ec36aa4f6597506
CobaltStrike
b688dd3b5c68db421a7a5d1cdd19ad7a847771c7f7ad33fe9a0f74e475428c83
CobaltStrike
dc504935b4a0f6059ba40c20803c7cf22b5c3a5f0b20226e36003df979bcbd4a
CobaltStrike
fb780f623a78c9b5aa8a279430731b84d0efe937ea5684f80182e4f896e8e288
CobaltStrike
+ 36 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/210311-c19trqv1ka/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Cobaltstrike
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b
MD5 hash:
dbd9daa5792cca9caa4a6278617f82d9
SHA1 hash:
4633a9483b0db5923676190c199fceb9abc8a559
Link:
https://www.unpac.me/results/7ee3fc3d-6020-4445-a404-04604e41252c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
CobaltStrike
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1369650849446789123?s=20
Cape
Cape
https://www.capesandbox.com/analysis/123752/

Comments