MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3f1d658545c3726233e696e3cea4d66d9a515d60f551ea01abfda00552e17da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3f1d658545c3726233e696e3cea4d66d9a515d60f551ea01abfda00552e17da
SHA3-384 hash: 8797709bc86593381f7de6858c8fe6f99a3a95cd5cf032eff6ec39e68e80ee88e9a7da27bd7ba914b368cad33f592b2b
SHA1 hash: de6f13b81a5a3461efa3e4b4fcdcb0401466a264
MD5 hash: bcd31277f852e79b57dbd2b81ae53e7a
humanhash: quebec-uniform-hawaii-sixteen
File name:asdfasdf.dll
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:944'640 bytes
First seen:2021-11-13 10:19:28 UTC
Last seen:2021-11-13 11:56:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a525d4d88000481b8302e8fc27bd5884 (1 x CobaltStrike)
ssdeep 24576:QeLSjjINcWnd5VUWPFEeXr3yAHqTmtxeQ:Q1jINcWdzaxyxeQ
Threatray 1'363 similar samples on MalwareBazaar
TLSH T160152A47E37341FCC96BC57487A6A732A930785841397E294F85EB222FA1F30953EB64
Reporter Anonymous
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
578
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
asdfasdf.dll
Verdict:
No threats detected
Analysis date:
2021-11-13 10:44:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/592e209f-8852-4f9b-9f3b-551a69b77788

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
CobaltStrikeBeacon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/205433/
Detection(s):
SecuriteInfo.com.Trojan.Win64.BAZARLOADER.SMYXBIMZ.24531.17377.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/618f9155dec3347825a37a1e/reports/3b8da24e-5ba1-4de2-8a63-4572b189b525/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Cobalt Strike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d4bfea47-7d04-41ab-8c41-51c49ef7f24a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/888519
Signature
Sigma detected: CobaltStrike Load by Rundll32
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 520988 Sample: asdfasdf.dll Startdate: 13/11/2021 Architecture: WINDOWS Score: 48 28 Sigma detected: CobaltStrike Load by Rundll32 2->28 8 loaddll64.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 2 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 9 12->20         started        22 WerFault.exe 9 14->22         started        24 WerFault.exe 9 16->24         started        process6 26 WerFault.exe 17 9 18->26         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d3f1d658545c3726233e696e3cea4d66d9a515d60f551ea01abfda00552e17da/
Threat name:
Win64.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-11-13 10:20:07 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
1055df2f38b4f540a99c23ecab450a4dc032c71579f41dd8314e892b3db21cfe
CobaltStrike
1c6ac3c02428dadf42ff0cdbb9fd065187417b0cf9b94fce4c17325319b8417e
CobaltStrike
1e35935ac6307baef04e92907b1afd15e1ee7f0ed990fa14cce8c01a9e45381e
CobaltStrike
364a38d0c2456cc21bc0d248c1233a8d0e47b988a03be3896ad760544b231336
CobaltStrike
37ebdaa9539ebdd7606e29dc66f048bb70042d03e75ddc01147cd8277ce0509b
CobaltStrike
43db644f33e96b7c734f682635fa7a0e5437a65871efe0f04ede0568e19c7c3f
CobaltStrike
5b07ccbbf8f7b7a34bf03a254431fe36cc34cfac41bb8a72c55b9050fa8696c9
CobaltStrike
7bffdca84095758005b4e272cb55bf0c5bdd1057ac98b0b1389af6fe3dbd7549
CobaltStrike
9acf5fad418be78ace0834e8e6b8891d83be69e14fe8b99a07b7d63e3595a520
CobaltStrike
cc1c6834480497598c17952b72e93f4b71ce4670f33558857e7ca87b55135013
CobaltStrike
+ 1'353 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike botnet:0 backdoor trojan
Link:
https://tria.ge/reports/211113-mc4m5abhbn/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Blocklisted process makes network request
Cobaltstrike
Malware Config
C2 Extraction:
http://dyk768uvtv1pm.cloudfront.net:443/access/
Unpacked files
SH256 hash:
d3f1d658545c3726233e696e3cea4d66d9a515d60f551ea01abfda00552e17da
MD5 hash:
bcd31277f852e79b57dbd2b81ae53e7a
SHA1 hash:
de6f13b81a5a3461efa3e4b4fcdcb0401466a264
Link:
https://www.unpac.me/results/9839e639-d20d-46ce-a99a-2f3a6d1ef4a9/
Malware family:
Cobalt Strike
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/d3f1d658545c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/205433/

Comments