MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f
SHA3-384 hash: b90de1ba25ab6425983e89b1f69cf4b639153115019112eac7c0bca0f8aace6ce5ef316c36219856b8b4babceb728534
SHA1 hash: 3f1b5a1a9462aaacccc236ca0d939fb1e99031f2
MD5 hash: 19cbc0f0a9b33c122f2ff1291f6e678a
humanhash: vermont-video-muppet-ten
File name:f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:14'336 bytes
First seen:2021-03-17 12:35:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep 192:AsH+DgGK83SxHn2OQ/dmBI4KBfTgir+xz0eAu8nbqUqV/Qjo7AGa:AA+kGKqbOCdWIVBff+xz0eAuifCXAn
Threatray 239 similar samples on MalwareBazaar
TLSH 08521935EA4378F2FD1A897004EAB6FFAFB3E2238C105CD6CF94E94158234A9480665D
Reporter JAMESWT_WT
Tags:CobaltStrike

Intelligence

File Origin
# of uploads :
1
# of downloads :
519
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f
Verdict:
Suspicious activity
Analysis date:
2021-03-17 12:55:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/21480faf-5820-4964-af57-60eb3afa1938

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/124545/
Detection(s):
Win.Trojan.CobaltStrike-7899872-1
Create hunting rule

Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/642224
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f/
Threat name:
Win32.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-03-11 01:17:00 UTC
File Type:
PE (Exe)
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
0e30a27d44484b9baa56e7b6050581e3edc3bd1b426057c85824d0cac493a3f1
CobaltStrike
10b429dee7953e57c10798ffe22a196f768557cfb34e7fb338310d19cbfa09a6
CobaltStrike
1c330c3c27432b209b502cbb22ed35eaf761366511a95539b3624117d7f6c40c
CobaltStrike
287aae0d0192654d709742977dfb6219856096d8b05cf7592b2adfd96bb2d976
CobaltStrike
4598fc224cd68101ae1aa21a42dea35d204c8c00469d39fd4ce09b05c48eee0a
CobaltStrike
8af8a2aa6d8db7a9bf93620814017b5296713963b74aba38eb7a35e62dcb7d3e
CobaltStrike
b261e707e2548a01829a5a01ed2f34025b7dec5c2b5b60fd653b10a86585ae57
CobaltStrike
e844577efbd9d78da8849997491807f1f9d3ae7d7f010363e2c25c6de2687eba
CobaltStrike
f026659380293aebc45bc97cd4aeee19c96e8ae5b88673283f2ed113bed4110f
CobaltStrike
fe6dcf38ecfeb4612ff8c59aa72afad19222bc181464e4b4690f19045bb2f9b5
CobaltStrike
+ 229 additional samples on MalwareBazaar
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike family:metasploit backdoor trojan
Link:
https://tria.ge/reports/210317-st4b74awmj/
Behaviour
Modifies system certificate store
Cobaltstrike
MetaSploit
Malware Config
C2 Extraction:
http://143.110.225.14:443/api/v1/user/512/avatar
http://ajax.microsoft.com:443/api2/json/cluster/tasks
http://ajax.microsoft.com:443/v3/links/ping-centre
Unpacked files
SH256 hash:
f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f
MD5 hash:
19cbc0f0a9b33c122f2ff1291f6e678a
SHA1 hash:
3f1b5a1a9462aaacccc236ca0d939fb1e99031f2
Link:
https://www.unpac.me/results/be6bcf65-2f0e-44a6-9494-aacc0c9bf7f4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f4ca63aeb4e3246c5d923942497d650bc3920c9fbc78a330ecf9d7db67e0cb8f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1372163707300642821?s=20
Cape
Cape
https://www.capesandbox.com/analysis/124545/

Comments