MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 060500558c754696c0056ec073344071c058d198ea0dba06632f93edb1276624. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 6



SHA256 hash: 060500558c754696c0056ec073344071c058d198ea0dba06632f93edb1276624
SHA3-384 hash: cb8e15e7072a2d8c57d2c05e641ee423781ee1a9b7069fa112661a3eaa12ee8e9698ac5bc5030ee38f8a64d00896b559
SHA1 hash: dde6fd2b77bf994831e1238786cd1d6834c60731
MD5 hash: ac35e2b43b2da7c23c1863c66cf407f4
humanhash: magazine-butter-mike-undress
File name: SimpleDateTime.exe
Signature: CobaltStrike
File size: 36'864 bytes
First seen: 2020-11-04 21:48:07 UTC
Last seen: 2020-11-04 23:39:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43e5b039b1f9f3684add8eabfb2166c0 (1 x CobaltStrike)
ssdeep: 192:/TaQQJobRyDHdu+k/E4Hscu07xSselWxXOivUmCwUGGgJWqQkoDXx9NMpZeocvOa:/ToAIjeNmlWxXOivUm3UGfWyyDNa
Threatray: 3'343 similar samples on MalwareBazaar
TLSH: 4EF24335A978102AF767F6719AC18567E6D47C3239116D22FE872B0C29368C3B3E152F
Reporter: James_inthe_box
Tags: CobaltStrike exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 116
Origin country: n/a
Vendor Threat Intelligence
Detection: CobaltStrikeBeacon
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Sending a custom TCP request
Result
Threat name: Unknown
Detection: malicious
Classification: rans
Score: 64 / 100
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Threat name: Win32.Infostealer.Snojan
Status: Malicious
First seen: 2020-11-04 21:48:02 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Suspicious use of SetWindowsHookEx
Cobaltstrike
Malware Config
C2 Extraction: http://217.12.208.31:443/questions/32251816/c-sharp-directives-compilation-error
Unpacked files
SHA256 hash: 060500558c754696c0056ec073344071c058d198ea0dba06632f93edb1276624
MD5 hash: ac35e2b43b2da7c23c1863c66cf407f4
SHA1 hash: dde6fd2b77bf994831e1238786cd1d6834c60731
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
