MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12b960dd90803aa2fb3af2468a0b117ca335e23ba5cf7cbb96f9cdcb97650871. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: CobaltStrike
Vendor detections: 9

SHA256 hash: 12b960dd90803aa2fb3af2468a0b117ca335e23ba5cf7cbb96f9cdcb97650871
SHA3-384 hash: a9fbec2cf732c595e767ab6e3dc7ec60da1cae7248c7818ce1712d371ea1d62b0bc70fa026caa6301e2ff872b6d41558
SHA1 hash: e0e5914ba9ccce368eefbecb08a0552adc5eec65
MD5 hash: 23cd775f76b437e290bc473e64323754
humanhash: north-network-twelve-twelve
File name: 23cd775f76b437e290bc473e64323754
Signature: CobaltStrike
File size: 284'672 bytes
First seen: 2021-09-02 11:54:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep: 3072:gRTZZQnqj7Eh2HksxE/WTLhWngjh50kKc8Y8iBTrEpfFcgSeIMK:gRTcnqPEEHksfTLhIgjWc8fiSpfFcmK
Threatray: 487 similar samples on MalwareBazaar
TLSH: T1FC54CF5085F1DE2ADABF413785C8D7386E097FFAC7604B1C77469178B507A28A80DEB8
Reporter: zbetcheckin
Tags: 32 CobaltStrike exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 168
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 23cd775f76b437e290bc473e64323754
Verdict: No threats detected
Analysis date: 2021-09-02 11:56:46 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: CobaltStrikeBeacon
Result
Verdict: Malware
Maliciousness:
Behaviour
Connection attempt
Sending an HTTP GET request
Sending a UDP request

Malware family: CobaltStrike
Verdict: Malicious

Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: CobaltStrike Named Pipe
Yara detected CobaltStrike

Threat name: Win32.Trojan.CobaltStrike
Status: Malicious
First seen: 2021-08-30 15:30:55 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike botnet:1359593325 backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction: http://108.177.235.131:80/ki.css
Unpacked files
SHA256 hash: 12b960dd90803aa2fb3af2468a0b117ca335e23ba5cf7cbb96f9cdcb97650871
MD5 hash: 23cd775f76b437e290bc473e64323754
SHA1 hash: e0e5914ba9ccce368eefbecb08a0552adc5eec65
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: CobaltStrike
File type: Executable exe
SHA256 hash: 12b960dd90803aa2fb3af2468a0b117ca335e23ba5cf7cbb96f9cdcb97650871 (this sample)

Delivery method
Distributed via web download

Comments

zbet commented on 2021-09-02 11:55:00 UTC

url : hxxp://108.177.235.131/asdffs.exe