MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 116af9afb2113fd96e35661df5def2728e169129bedd6b0bb76d12aaf88ba1ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 116af9afb2113fd96e35661df5def2728e169129bedd6b0bb76d12aaf88ba1ab
SHA3-384 hash: 9f069a86e11490a72a107fb496d0537174609bce059438d15056584aed0ca1dd307955a585a749c35e8ddaac6c7cbe5f
SHA1 hash: 1bd283e5d55777a53f372d22ef74e07e12263759
MD5 hash: a83f7181e65e2f0452961dbe1ce4856b
humanhash: item-minnesota-cat-bulldog
File name:a83f7181e65e2f0452961dbe1ce4856b.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:5'343'114 bytes
First seen:2021-07-08 10:43:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c9adc83b45e363b21cd6b11b5da0501f (82 x ArkeiStealer, 60 x RecordBreaker, 46 x RedLineStealer)
ssdeep 98304:AAI+z7iFOrUArcfNIMiJ8B45+OJ1Pg0JfF7dQAjLNxQCAot2nSqgUIU:ntfiFOrGniqiNk0TrjLNyC7t2nSHU
Threatray 141 similar samples on MalwareBazaar
TLSH T1E236337E9744C832DAA00875B96AD72EF47E77441B39059B61DC5E1CE63320B0F72AE2
Reporter abuse_ch
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
512
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup0.exe
Verdict:
Malicious activity
Analysis date:
2021-07-04 13:59:34 UTC
Tags:
installer
Link:
https://app.any.run/tasks/043c9819-259c-403c-906f-eab33b93a0c6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170411/
Detection(s):
SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/37b53c53-acae-4469-b174-4bc9dad9bd01
Result
Threat name:
CobaltStrike Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/813436
Signature
C2 URLs / IPs found in malware configuration
Clickable URLs found in PDF pointing to potentially malicious files
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Yara detected CobaltStrike
Yara detected Metasploit Payload
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/116af9afb2113fd96e35661df5def2728e169129bedd6b0bb76d12aaf88ba1ab/
Threat name:
Win32.Trojan.Sheljector
Create hunting rule
Status:
Malicious
First seen:
2021-07-07 00:06:26 UTC
File Type:
PE (Exe)
AV detection:
8 of 29 (27.59%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cfvptl5sce75s3rvmyo7lxxsokhbnejjx3owwc5xnujkv6elugvq._file
Verdict:
unknown
Similar samples:
01b45d40b3c0e6eb46294b021f2a681572ae10e63b48a38c7e02efcf1ce24591
CobaltStrike
1b7d7515f98891cf08164a7469bb9c9f3133e7834cfe99d55094594ca330e982
CobaltStrike
1e5559caf020549f18b27ca5dcb9087b2d1f922b3de747d82b5503b89a849b95
CobaltStrike
48c1378f5e48ec365691bf3cf9c44f381e181c0e669df0169ff057c2cf8917f8
CobaltStrike
4ae0156d1ccca584c5ed35708b150e0649cd470f5b192653a578c215e5118c08
CobaltStrike
5ce9dedae33e348bed0fc2fa2f8831adc8263177b7d2674dc634cd2709beba09
CobaltStrike
9217d926826128058e86a2a2bba020ea38062503648e320194b22d1ade0ffee9
CobaltStrike
da3e6a0d34e00cfd8f0ba76fb647ad9b4c8d3f7dbfef567b4db2127d83b076c9
CobaltStrike
eb2b82c14b81523edd762536c3dcd308624821dd6840e8cabdf94327d55fcbf9
CobaltStrike
ff4a3e44fcd1cfbbf10ac318aca7559e0c20d0563e11e8a98e21e09e97ca68d3
CobaltStrike
+ 131 additional samples on MalwareBazaar
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike family:metasploit botnet:0 backdoor discovery link pdf trojan
Link:
https://tria.ge/reports/210708-xm5d36e47n/
Behaviour
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
HTTP links in PDF interactive object
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
Cobaltstrike
MetaSploit
Malware Config
C2 Extraction:
http://vmware.center:443/mV6c
http://vmware.center:443/w/index.php
Unpacked files
SH256 hash:
95d2d25d86f705aaed7356ef2dbee5027550bfa5d5385cc654e6e4096932bf8b
MD5 hash:
a6251968775dc081f21d2b6e7a37a9fa
SHA1 hash:
bae094716d9176ba6861d82c869c20d2318493be
Link:
https://www.unpac.me/results/f3f2c5d6-0b08-4b4d-8704-25674f62d159/
SH256 hash:
5ccf165b8e4af1a82bc0b9d03baff96b6da2d82befa70f86d9f6ea10b9af0424
MD5 hash:
90cac1c184423d41f9d35d0f1fdbcb51
SHA1 hash:
9798ac79c256580d7f51d2035f42c525b6bd9b85
Link:
https://www.unpac.me/results/f3f2c5d6-0b08-4b4d-8704-25674f62d159/
SH256 hash:
116af9afb2113fd96e35661df5def2728e169129bedd6b0bb76d12aaf88ba1ab
MD5 hash:
a83f7181e65e2f0452961dbe1ce4856b
SHA1 hash:
1bd283e5d55777a53f372d22ef74e07e12263759
Link:
https://www.unpac.me/results/f3f2c5d6-0b08-4b4d-8704-25674f62d159/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/116af9afb2113fd96e35661df5def2728e169129bedd6b0bb76d12aaf88ba1ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/170411/

Comments