MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 132bdcb986e3e3b9599b5b293b3318e7c630495e87a9d1fa02287ae80f9e652f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 7



SHA256 hash: 132bdcb986e3e3b9599b5b293b3318e7c630495e87a9d1fa02287ae80f9e652f
SHA3-384 hash: 0a788abf3661505c30574b11e57cf138c1a7ae96b6c20c52767835934b6ee35b63b747d160a833d7358dadde15e29176
SHA1 hash: 0d14adb6758998182b644e9f93e04117ba7457ee
MD5 hash: 71032e98341065c93f38a226de74d7a0
humanhash: illinois-five-two-india
File name: svh.osts
Signature: CobaltStrike
File size: 584'704 bytes
First seen: 2021-03-12 16:53:37 UTC
Last seen: 2021-03-12 18:35:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 411ffb52ed1a3976bd3ea3da17263819 (1 x CobaltStrike)
ssdeep: 6144:CWVo7375acQA6FmIiMNvCejvFQTZAnO5CrK4ZcPfCTo/tXq0T7+VO8Azg8Ug7mSD:CWVQ37UcQfcuCejviTA2SWkoMXVsvPf
Threatray: 628 similar samples on MalwareBazaar
TLSH: 4FC44A46F7F883B6D056D13AC5238F4AE7B1BC454A30938F42A1B76E5F33791582A326
Reporter: ffforward
Tags: CobaltStrike dll Loader

Intelligence

File Origin
# of uploads: 3
# of downloads: 607
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: case#_139739537_445143708.xls
Verdict: Malicious activity
Analysis date: 2021-03-12 16:47:38 UTC
Tags: macros ta505
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj.evad
Score: 64 / 100
Signature
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Yara detected CobaltStrike
Behaviour
Behavior Graph:

Threat name: Win64.Trojan.Shelma
Status: Malicious
First seen: 2021-03-12 16:50:34 UTC
AV detection: 7 of 28 (25.00%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Modifies system certificate store
Blocklisted process makes network request
Cobaltstrike
Malware Config
C2 Extraction:
http://onealabamasport.com:443/jquery-3.3.2.slim.min.js
http://onealabamasport.com:443/jquery-3.3.1.min.js
Unpacked files
SHA256 hash: 132bdcb986e3e3b9599b5b293b3318e7c630495e87a9d1fa02287ae80f9e652f
MD5 hash: 71032e98341065c93f38a226de74d7a0
SHA1 hash: 0d14adb6758998182b644e9f93e04117ba7457ee

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: CobaltStrike
File type: Executable exe
SHA256 hash: 132bdcb986e3e3b9599b5b293b3318e7c630495e87a9d1fa02287ae80f9e652f (this sample)

Comments