MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 8



SHA256 hash: f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096
SHA3-384 hash: bc8d50d38d2f1778608256e67c3ebf25a2e269b4580c27ccb4e1376be45101b863a4c31414d6655b99db52c9d329252e
SHA1 hash: b71121dbd4acaac7177f1b360f9b2f0ab8c5374f
MD5 hash: 58bb1a095ab728f240d716b54891470b
humanhash: sierra-batman-butter-indigo
File name: 58bb1a095ab728f240d716b54891470b.exe
Signature: CobaltStrike
File size: 303'104 bytes
First seen: 2020-12-22 08:29:13 UTC
Last seen: 2020-12-22 10:34:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef0bbad044408a92ad997ca3c7e2572c (2 x CobaltStrike)
ssdeep: 6144:Dnn8Z+5+QszeGtirHTzIsENynaOXcdohLQmT1qZ5E:DnqU+bze/L/INNwio24+
Threatray: 654 similar samples on MalwareBazaar
TLSH: D4545A5DB29514F8ECA7837CCD425542E63278460772CAFF03A192672F276E4AE3BB11
Reporter: abuse_ch
Tags: CobaltStrike exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 737
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 58bb1a095ab728f240d716b54891470b.exe
Verdict: No threats detected
Analysis date: 2020-12-22 08:32:12 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Behaviour
Launching a process
DNS request
Sending a custom TCP request
Creating a file
Sending a UDP request
Creating a window
Unauthorized injection to a system process
Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj.evad
Score: 84 / 100
Signature
Allocates memory in foreign processes
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
System process connects to network (likely due to code injection or exploit)
Writes to foreign memory regions
Yara detected CobaltStrike
Threat name: Win64.Hacktool.Atosev
Status: Malicious
First seen: 2020-12-17 18:43:41 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 1/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SHA256 hash: f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096
MD5 hash: 58bb1a095ab728f240d716b54891470b
SHA1 hash: b71121dbd4acaac7177f1b360f9b2f0ab8c5374f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature     | File
Web download    | CobaltStrike  | Executable exe f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096 (this sample)

Delivery method: Distributed via web download
