MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568
SHA3-384 hash:	004426cc73ef9511169e7a7863ddf785c3efc82cec0c9cc03cbdb5f42cc2024da0e3a67b25b4d94c22d871ba5c266378
SHA1 hash:	a4e79f386e275c345d3098a56c4269a6a8df209f
MD5 hash:	1fa2d8db24799c93d9b6aa37e05f5525
humanhash:	robin-butter-burger-may
File name:	SecuriteInfo.com.Variant.Ulise.248204.21499.13114
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	339'112 bytes
First seen:	2021-07-02 18:51:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	64f1814b769b7e8d7e61f45d0e9f5051 (3 x CobaltStrike)
ssdeep	6144:v13nwMjsBt/xLRMf93cDv6x28TYfzCHkmGj8aOZL4AnLLO:d3wMsB7RMfFgsT4Ak8l43
TLSH	1874D621EEC5CFA7D0E30D311353D6E149F9CC661B01D6CA62A67682F0BAAB354D993C
Reporter	SecuriteInfoCom
Tags:	CobaltStrike exe signed

Code Signing Certificate

Organisation:	MZJVESLENZVLRPQFZD
Issuer:	MZJVESLENZVLRPQFZD
Algorithm:	sha1WithRSA
Valid from:	2021-07-01T08:06:03Z
Valid to:	2039-12-31T23:59:59Z
Serial number:	-0554997aace2146fbbe566934f34f131
Thumbprint Algorithm:	SHA256
Thumbprint:	6b33bedb2c9d9f2ec92f26f5a1e237ba4b1310cd333675a2d7c5816089b55094
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

503

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Variant.Ulise.248204.21499.13114

Verdict:

Malicious activity

Analysis date:

2021-07-02 18:55:15 UTC

Tags:

trojan cobaltstrike

Link:

https://app.any.run/tasks/7352c327-867c-4fcc-8c40-1005a8f23b3c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrike

Link:

https://www.capesandbox.com/analysis/169401/

Detection(s):

SecuriteInfo.com.Variant.Ulise.248204.21499.13114.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/431e0d1b-16f8-48ce-bbb8-499ac46ff580

Result

Threat name:

CryptOne CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/811246

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Detected CryptOne packer

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568/

Threat name:

Win32.Hacktool.CobaltStrike

Status:

Malicious

First seen:

2021-07-02 17:12:05 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 29 (65.52%)

Threat level:

1/5

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:1359593325 backdoor cryptone packer trojan

Link:

https://tria.ge/reports/210702-37g137hbme/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://23.227.203.229:80/pixel

Unpacked files

SH256 hash:

d74d084b85ae75fd791fb79cd5959ebdac408f2f0c7897715c5c0a9ec7d112a1

MD5 hash:

e75046878a3e61fec2507e274891315c

SHA1 hash:

0caa401c5bb166e1fecb93b0922f8808f7756a18

Link:

https://www.unpac.me/results/0177ae89-6c6b-46f3-868e-0ac0a9b79164/

SH256 hash:

5d08f75398ac89a9b4877ffbff4e127b45d2c05f8941cc14280a4bdd3e004af5

MD5 hash:

5315e6546f01b26f950f07a7909c8507

SHA1 hash:

41e17ba465cea2734dd2e098fec99263b88ead66

Link:

https://www.unpac.me/results/0177ae89-6c6b-46f3-868e-0ac0a9b79164/

SH256 hash:

073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568

MD5 hash:

1fa2d8db24799c93d9b6aa37e05f5525

SHA1 hash:

a4e79f386e275c345d3098a56c4269a6a8df209f

Link:

https://www.unpac.me/results/0177ae89-6c6b-46f3-868e-0ac0a9b79164/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

exe 073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1420323/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/169401/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample