MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130
SHA3-384 hash:	e70cdcd99b8190d73e431cf10e7d53e98fb504815858a4dc8eaeaa487f6b2b35da256a69c572bba46bf63fb028e4c2ce
SHA1 hash:	96ed99c2f0ac2896369221fd9539847088f4abe5
MD5 hash:	2d3bd5579f6a54cac49a26142f2d4de1
humanhash:	victor-finch-leopard-angel
File name:	2d3bd5579f6a54cac49a26142f2d4de1.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	160'768 bytes
First seen:	2022-11-08 14:20:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9aebf3da4677af9275c461261e5abde3 (25 x YTStealer, 12 x CobaltStrike, 11 x Hive)
ssdeep	3072:SEoWpC7otJ4rI2+vx6WF8kOuR+zsPKJRA5keJVMqK1PghFwFWxdUZT+fZwGW/:rz1tJvvx6Wik9R+mJPKlOwMnBfZq
TLSH	T1E1F312C7502945EFC7A568B73B49CE136C4DAA6649E2CDFD0F0120662A74E34B87DB03
TrID	64.7% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.9% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.EXE) OS/2 Executable (generic) (2029/13) 1.8% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	abuse_ch
Tags:	CobaltStrike exe

abuse_ch

None C2:
101.34.93.112:4443

Intelligence

File Origin

# of uploads :

# of downloads :

210

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

2d3bd5579f6a54cac49a26142f2d4de1.exe

Verdict:

No threats detected

Analysis date:

2022-11-08 14:21:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/736a53f3-ff98-40bc-bc40-4c64c180e77d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/330580/

Detection(s):

Win.Malware.Ursu-9943786-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/50106/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/636a65d11b78baadf87fabc1/reports/f83947a2-3a74-46d4-bd87-f182cff9afe3/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/f0e647cd-d8ba-47c4-b2a8-592c883fc28e

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1108269

Signature

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130/

Threat name:

Win64.Backdoor.CobaltStrike

Status:

Malicious

First seen:

2022-11-04 13:00:00 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=arqxaacr5bwsy65znmyvdwyhkb5gzn6alurv4onqagbd64hyweya._file

Verdict:

malicious

Label(s):

cobaltstrike

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:1359593325 backdoor trojan upx

Link:

https://tria.ge/reports/221108-rnzwjaddfk/

Behaviour

UPX packed file

Cobaltstrike

Malware Config

C2 Extraction:

http://101.34.93.112:4443/api/x

Unpacked files

SH256 hash:

282fa0819fc899216a99b34480f7fba3d790e8c68ccfff806658ac3597655e67

MD5 hash:

608eaa1eedce7bd1033501615d495e4e

SHA1 hash:

86090f22a4aa75064b0fa588ed9885a827657cf0

Link:

https://www.unpac.me/results/75c6ca2d-6f8d-4211-a47b-26469e951109/

SH256 hash:

0461700051e86d2c7bb96b3151db07507a6cb7c05d235e39b001823f70f8b130

MD5 hash:

2d3bd5579f6a54cac49a26142f2d4de1

SHA1 hash:

96ed99c2f0ac2896369221fd9539847088f4abe5

Link:

https://www.unpac.me/results/75c6ca2d-6f8d-4211-a47b-26469e951109/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/0461700051e8/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/330580/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample