MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 000510235af88211cab033096f5607adfecd39ec459e764aad8415223e2c9247. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 7



SHA256 hash: 000510235af88211cab033096f5607adfecd39ec459e764aad8415223e2c9247
SHA3-384 hash: 188491d3af43f6947d31936fa9738b74ec82f8b5ec7d17e07334e782e15b658fad774fa4ce9e7e991f1b8aca642dbf8d
SHA1 hash: 872d6e5e5d295899fcb19c55ceb0bb2cd5a8e263
MD5 hash: 4d3c1112af9c8a083c4b1806b13995ff
humanhash: april-stairway-alabama-tango
File name: 4d3c1112af9c8a083c4b1806b13995ff.exe
Signature: CobaltStrike
File size: 135'168 bytes
First seen: 2020-11-12 07:04:16 UTC
Last seen: 2024-07-24 10:39:00 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash b2f43bc848b23e7d9e95cf1471f7633c (1 x CobaltStrike)
ssdeep 1536:+Z/8lCcxL0UQwjXueQmlndQ0QG6HNjdQhz5pDKaGeeOc5t1zD/2gqu:Z7DdQ0x6fQtj6eeJ5tRm
Threatray 210 similar samples on MalwareBazaar
TLSH DED39C2171C1C8B2D51625794846CBB55EBAF8310B755ACB7FD407BE8F293E28A36383
Reporter abuse_ch
Tags: CobaltStrike exe

Intelligence


File Origin
# of uploads: 3
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj
Score: 64 / 100
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Threat name: Win32.Trojan.CobaltStrike
Status: Malicious
First seen: 2020-10-28 01:29:36 UTC
AV detection: 20 of 27 (74.07%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction: http://217.12.218.250:443/questions/32251816/c-sharp-directives-compilation-error
Unpacked files
SHA256 hash: 000510235af88211cab033096f5607adfecd39ec459e764aad8415223e2c9247
MD5 hash: 4d3c1112af9c8a083c4b1806b13995ff
SHA1 hash: 872d6e5e5d295899fcb19c55ceb0bb2cd5a8e263
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
