MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98a4e73814c3e5571f7210aa1226cb01e79c98fa5d41ade0b34bb8298f2b09b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	c98a4e73814c3e5571f7210aa1226cb01e79c98fa5d41ade0b34bb8298f2b09b
SHA3-384 hash:	d043aa93bb1b3a7d611848017d0d280032ae91515e5abd2a211e389030584c796f18b1132619910fca3171a57880c98b
SHA1 hash:	0087078c57eee445d52b14800af568a645b929dc
MD5 hash:	c9a4f485bbdbc9f757c42bc396669a28
humanhash:	table-west-mountain-five
File name:	c98a4e73814c3e5571f7210aa1226cb01e79c98fa5d41ade0b34bb8298f2b09b
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	172'544 bytes
First seen:	2020-08-31 13:09:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	481f47bbb2c9c21e108d65f52b04c448 (257 x Meterpreter, 93 x Metasploit, 33 x ShikataGaNai)
ssdeep	3072:yzqTC/VXu6wsLe0Nc8QsCWynpPuncRAzzN5Iw/n0Hba3a13XtLb6Zvoz1BBbaR:eqGdXu6wsC0Nc8QsEngn+AzzdP0HbaKm
Threatray	9 similar samples on MalwareBazaar
TLSH	01F30945DDE00026D5B2303EDBBFE130DA61B091729A8B775D48D7144ADDC62EB83AEE
Reporter	JAMESWT_WT
Tags:	101.132.33.79 CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

89

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/53558/

Detection(s):

Win.Exploit.Alpha_Upper-1

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending a UDP request

Result

Threat name:

Metasploit

Detection:

malicious

Classification:

troj

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/455508

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Metasploit Payload

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c98a4e73814c3e5571f7210aa1226cb01e79c98fa5d41ade0b34bb8298f2b09b/

Threat name:

Win32.Trojan.Rozena

Status:

Malicious

First seen:

2018-11-29 07:04:00 UTC

File Type:

PE (Exe)

AV detection:

39 of 48 (81.25%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=zgfe444bjq7fk4pxeefkcitmwaphtsmpuxkbvxqlgs5yfghswcnq._file

Verdict:

unknown

Similar samples:

580cc9e785ffa316f63b39365e7f21a570404fd833046d09e5e132aadde7a4ba

5e81e0f0aa8ff34a845b62472a3d2a83fa43ee47819dbc841d8004b64ffd79fc

690e1f519a5ca9a1698ae738ca06c030380779a1a989cefb6dff7025e4c5baed

8270d45e0ff9f3bf19cb0bcaf72e21190d3c404ccd79e7b773b4ba3b915f37cd

990c81ff3bcd5d3b332e34c57462a3560c588322828d3953266e801eb4e52c2e

b13f42d26dbbe2481ff01fe2987be00bd907d203db78f5384fc12273708b4a09

c116950f9ffd9a40a5b2d139311118bbbde55e751d5c2af99814a801f6236be2

c69659689b7727a9478bc248fb3395fb487df4542f14503420b750fd64765e35

e050425e51b6c04333e0b93b6a9e30b454adec91161e010f24c2b2b7be451279

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/200831-dfeba9sqmn/

Behaviour

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

XPACK

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c98a4e73814c3e5571f7210aa1226cb01e79c98fa5d41ade0b34bb8298f2b09b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/53558/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample