MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: CobaltStrike
Vendor detections: 9

SHA256 hash: 051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d
SHA3-384 hash: f58a13fb8b7b8baafcaaa17e80e192de99040a0270b8c5d38eed3e527e84c073f425e861e5bc223b761668e7ffb05fbf
SHA1 hash: 7f885b74a03bafc5a8349837d140214f75023d78
MD5 hash: ab75f4edb052dbb0ec99f5f8308c8202
humanhash: connecticut-cup-princess-lithium
File name: 051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d.bin
Signature: CobaltStrike
File size: 7'481'949 bytes
First seen: 2021-07-28 10:05:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep: 196608:BAnCVyaEDb+C6OIVnctApt4X/dNT7J8EkuY+IfpzOj8XB01:uCVn6yCZIGSjENXJQBtt+8XBu
Threatray: 781 similar samples on MalwareBazaar
TLSH: T11F76332FB9C14175D930F437AA29F371513AAD624E48CA5FF3C0FA6AF835050A61EB91
dhash icon: 62acb834f4983c32 (1 x CobaltStrike)
Reporter: JAMESWT_WT
Tags: CobaltStrike exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 501
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d.bin
Verdict: Malicious activity
Analysis date: 2021-07-28 10:08:17 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature:
  Machine Learning detection for dropped file
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  PE file has a writeable .text section
Threat name: Win32.Trojan.NimzLoader
Status: Malicious
First seen: 2021-07-25 01:06:36 UTC
File Type: PE (Exe)
Extracted files: 61
AV detection: 25 of 46 (54.35%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Loads dropped DLL
  Executes dropped EXE
  Cobaltstrike
Malware Config
C2 Extraction: http://8.136.4.131:6666/NsLP
Unpacked files
SHA256 hash: 25fcb92356edd1d9dd5a1052a17756afa655258b2a7603994f7d0212057bc8bb
MD5 hash: ec1cd149d3c1af93cd1a268a7634f580
SHA1 hash: c6dda9414593536eb902b34af67c94554033cc2d

SHA256 hash: 4da1830708b80539cb6ef7893ccd60ac731ca1e159495cac8fd6d6baa0e06e5c
MD5 hash: fff59f620f89e1db1a55a67c02d7cd82
SHA1 hash: 93363f117557a3b74bad23280f1849d539739ecc

SHA256 hash: 051243b7e0082007493c576d3b896cbf3eeec3cf9572ee669ee0f4d7dca0570d
MD5 hash: ab75f4edb052dbb0ec99f5f8308c8202
SHA1 hash: 7f885b74a03bafc5a8349837d140214f75023d78
