MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cedf2f478d0acc217522682a10f37c28894733f15f80df85333c7894043dcd98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 16

Intelligence 16 IOCs YARA File information Comments

SHA256 hash:	cedf2f478d0acc217522682a10f37c28894733f15f80df85333c7894043dcd98
SHA3-384 hash:	8326ca69727206f08b5aec881e676b48bf527c5b5f7c5f447a0b2c1558fbcde2126b15e6f34bd8ba5acf8700bc7f1acd
SHA1 hash:	7889a2a43a5c1138d85866b24b83ff515af1d009
MD5 hash:	e0e3ca76d27943d890cad7e341d3a477
humanhash:	beer-ohio-michigan-mobile
File name:	111.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	955'392 bytes
First seen:	2023-01-18 21:20:54 UTC
Last seen:	2023-01-19 00:42:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	3e57ff142f73fb4395fb4fdc78fa7435 (1 x CobaltStrike)
ssdeep	24576:XucvBP7N6G7Thv+aHnL4oL/80naUviycsak1/uWpW1f:l79MoLxnNKW
Threatray	271 similar samples on MalwareBazaar
TLSH	T1E815AE56BB9842F9E17AC13A8482926BF7F1B4070B3097CB03A5065B1F7B6E49D3E711
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	malware_traffic
Tags:	Beacon Cobalt Strike CobaltStrike exe

Intelligence

File Origin

# of uploads :

# of downloads :

346

Origin country :

Vendor Threat Intelligence

Malware family:

cobaltstrike

ID:

File name:

111.exe

Verdict:

Malicious activity

Analysis date:

2023-01-18 21:25:47 UTC

Tags:

cobaltstrike

Link:

https://app.any.run/tasks/eb44a973-50d5-4e44-9659-e7ab2a8665cc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/354265/

Detection(s):

SecuriteInfo.com.Mal.Generic-S.25067.28170.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a custom TCP request

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/61295/overview

Behaviour

MalwareBazaar

MeasuringTime

CheckCmdLine

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63c862bfafdaca54d4393105/reports/f742afaf-e2a1-4f02-9813-a97e1bf22bc1/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/65dca121-be9a-4951-865c-e8d2b416df97

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1154194

Signature

C2 URLs / IPs found in malware configuration

Malicious sample detected (through community Yara rule)

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cedf2f478d0acc217522682a10f37c28894733f15f80df85333c7894043dcd98/

Threat name:

Win64.Backdoor.CobaltStrikeBeacon

Status:

Malicious

First seen:

2023-01-18 21:21:08 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z3ps6r4nblgcc5jcnavbb434fceuom7rl6an7bjthr4jibb5zwma._file

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685

CobaltStrike

8197a053d24a8e909e329029d73d9a4b50f9cac6f479f9b6ea70a76c3a3cbda7

CobaltStrike

8b15ccdec9dac18862d8a43b2e1a55760166b98ab2166de9979e8f0ae8f915b1

CobaltStrike

96f1143875956621e590d05da84a3b75d498ecbf6afda44208894c2f51a8464b

CobaltStrike

b239b5d05aba2f98cbc955c1b88884495db53f5b3a3381b94db1aa76e3ed67a1

CobaltStrike

+ 261 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/230118-z7bbaaeh7v/

Behaviour

Modifies system certificate store

Cobaltstrike

Unpacked files

SH256 hash:

8ffb398ba4305692e0444df1236b0c20ee2a0d57eea1b05d4c3ee9d2ffd9dc08

MD5 hash:

51339d9d0e5cc532d178a054f67aa253

SHA1 hash:

b39e14433a7af10965a4448167c06ef8742214ca

Detections:

cobaltstrike_xor_config

win_cobalt_strike_auto

Link:

https://www.unpac.me/results/a8e9c31d-7460-43ff-babb-83f33be274e3/

SH256 hash:

cedf2f478d0acc217522682a10f37c28894733f15f80df85333c7894043dcd98

MD5 hash:

e0e3ca76d27943d890cad7e341d3a477

SHA1 hash:

7889a2a43a5c1138d85866b24b83ff515af1d009

Link:

https://www.unpac.me/results/a8e9c31d-7460-43ff-babb-83f33be274e3/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/cedf2f478d0a/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cedf2f478d0acc217522682a10f37c28894733f15f80df85333c7894043dcd98

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

exe cedf2f478d0acc217522682a10f37c28894733f15f80df85333c7894043dcd98

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2511704/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/354265/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample