MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c69659689b7727a9478bc248fb3395fb487df4542f14503420b750fd64765e35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c69659689b7727a9478bc248fb3395fb487df4542f14503420b750fd64765e35
SHA3-384 hash:	30e67cc51198f4e37c3033f3c181a92501a0e4cba21c5112417a300ef4c4cf6cd58d042362288501ba31e76851a4b1b8
SHA1 hash:	9d6bfd63ae7a90fba0e67d246a8fd3bccdc99e1a
MD5 hash:	ad9323946328fa77d0106b8577db014e
humanhash:	alaska-timing-skylark-fifteen
File name:	cobaltstrike_shellcode.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	284'160 bytes
First seen:	2020-07-22 11:31:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	6144:lqGdXu6w80Nc8QsPHVz0KIunvxYGcDIjs57CeB0NBKf1yO7Ow8:Nlu6vqSKIunvxtkIjU/0yr7Ow
Threatray	74 similar samples on MalwareBazaar
TLSH	6854DF119F8D8317C749123F84602E77C136756FF205628FAA5FCA748BF00E1A697B6A
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

97

Origin country :

n/a

Vendor Threat Intelligence

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/31150/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Result

Threat name:

CobaltStrike Metasploit

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/395023

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c69659689b7727a9478bc248fb3395fb487df4542f14503420b750fd64765e35/

Threat name:

Win32.Trojan.Rozena

Status:

Malicious

First seen:

2020-07-22 11:30:47 UTC

File Type:

PE (Exe)

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y2lfs2e3o4t2sr4lyjepwm4v7neh35cuf4kfanbaw5ip2zdwly2q._file

Verdict:

malicious

Similar samples:

3eeac52f9036116d189ca4aa82022efc7a764abe9d559129e6b3720cff203fd9

4d8232c8973ec2c528be5f380b9f027a7221023e2b2e774403a8839385b2e197

57a395267a680f4909efd096007d6ec86254502ae1c33a70733f0ccef85c4791

580cc9e785ffa316f63b39365e7f21a570404fd833046d09e5e132aadde7a4ba

5e81e0f0aa8ff34a845b62472a3d2a83fa43ee47819dbc841d8004b64ffd79fc

65b353273d5aa143b6ad5fc5ee4af51930ccef9ea96d07345a619f8950d1132d

70e96ab0deb629da68b0af277376f4598c1062064beecedf3ee8d72de0a9b1a1

e050425e51b6c04333e0b93b6a9e30b454adec91161e010f24c2b2b7be451279

e05f6dab54210a041235191663afd7f296c4733e42d9f09b971a9861bf317df8

ec80dafae2b435962d141d4137ba9e9b84d36c5933828c490d113a88b9c4d2a5

+ 64 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200722-w536815ns6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c69659689b7727a9478bc248fb3395fb487df4542f14503420b750fd64765e35

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/31150/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample