MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b
SHA3-384 hash:	0cd4040608010b19325cfc40ca3de7534b8b36851f089bce3c9c4bb71c61723aad2c25dccf37014f9428836ecc85d928
SHA1 hash:	108ab8999f76f2b10c3272986235bd88b9b74c60
MD5 hash:	78e0903dd7bf20630b13d1d76801b545
humanhash:	august-illinois-coffee-jersey
File name:	360Download.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	496'640 bytes
First seen:	2021-04-29 20:30:03 UTC
Last seen:	2021-04-29 22:16:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6e4112b289e40bc30768760753501ed6 (1 x CobaltStrike)
ssdeep	6144:PSSlfW/qaqHTn7zdJnD5A7YtYBxsuABu4C+nhofomEURpGHiWAyukYM47m9CIIr9:VVNTHYsEZOhA7q7IB
Threatray	697 similar samples on MalwareBazaar
TLSH	6EB4BD4465181CE8F03462B3D29FE3323D06E59E0E6D4AE3BC492E69777D18919BFC92
Reporter	James_inthe_box
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

570

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/146840/

Detection(s):

SecuriteInfo.com.Mal.EncPk-AQA.29633.7813.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Sending a custom TCP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/703124

Signature

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2021-04-29 20:29:56 UTC

File Type:

PE+ (Exe)

Extracted files:

22

AV detection:

8 of 29 (27.59%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5s4ehyttufdgzqycgyldkfh4l3dvamlfcrelgc5c6frvpddcxnnq._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

0240347f0a7e6318facda5d29103c2dba44ef0d45f76706cd5ade058a69c0c55

03729ae2db20f485c0b83fbf36d2a22d629137deb2032bf972132db9f2805882

0ec8d01e78f2157589701925ec97ada690046fa17ca65a0db766d96533529aab

452363ce4a4695a985d5a6200de2b43692f7e0d4df11f0b30b42fc78a0cc9440

7e8a4bbdc12c7caefb486b28be1eebf0e35a8ad5f745aae17abbe7f40aff661f

9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a

a93eb70cc4152e32cd3a39fda968b2da5ade48453927410a0d520f2d13223d11

cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c

dbafbe9edfdac67a781756a6970a7341fd5401b0914fff7e3e8136cff0426fc5

f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d

+ 687 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

cryptone packer

Link:

https://tria.ge/reports/210429-42r9mebbm2/

Behaviour

Modifies system certificate store

Suspicious use of NtCreateThreadExHideFromDebugger

Unpacked files

SH256 hash:

ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b

MD5 hash:

78e0903dd7bf20630b13d1d76801b545

SHA1 hash:

108ab8999f76f2b10c3272986235bd88b9b74c60

Link:

https://www.unpac.me/results/859c1eff-4e4e-4af2-b61f-8725537a9c81/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/146840/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample