MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 5


SHA256 hash: 12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9
SHA3-384 hash: f340231e14fc1fa90ad4eabf696759773b01d779ec0b33e2583ae40c0714de303857d4afd2d488f514951accba9761ff
SHA1 hash: f93a2260a39cc38c3c103242fc19d01edf2617e2
MD5 hash: baffb37c48bffc4d8020c4c97fe61650
humanhash: twelve-winter-fix-indigo
File name: 12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9
Signature: CobaltStrike
File size: 10'752 bytes
First seen: 2020-09-03 13:44:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7cf12dc5c0b6a6133e9ff8b1a4c6d4ed (1 x CobaltStrike)
ssdeep: 96:vXx7Vqzq33jNCNsv3dr7rs1rpL1qUaKtCOzhLds1CmIwz3bXQ/MiR5n5tqPNcmVG:GzMNF3dr/srZY+ZwbLQkmxrqlc
Threatray: 56 similar samples on MalwareBazaar
TLSH: 29222C47FD850CB1D67682F45EEB8639ABB2E1224C22063DFF54FB0E4E23B15594B246
Reporter: JAMESWT_WT
Tags: 109.235.70.99 194.135.81.96 CobaltStrike

Intelligence

File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Sending a UDP request
  Searching for the window
  Connection attempt

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file

Result
Threat name: Win32.Trojan.Swrort
Status: Malicious
First seen: 2020-09-03 13:45:22 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: metasploit
Score: 10/10
Tags: family:metasploit
Behaviour:
  Metasploit family
Malware Config
C2 Extraction: http://109.235.70.99:443/RmJS

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Cobalt_functions
Author: @j0sm1
Description: Detect functions coded with ROR edi,D; Detect CobaltStrike used by different APT groups

File information


The table below shows additional information about this malware sample such as delivery method and external references.