MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15305978d7c42e26d908feca9aed4efa3df89ae6524ecce10752a2ee3cdf813f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: CobaltStrike
Vendor detections: 7



SHA256 hash: 15305978d7c42e26d908feca9aed4efa3df89ae6524ecce10752a2ee3cdf813f
SHA3-384 hash: b0b573c464321f062a8286deda4ce936e12f4298556ed96c54f5674900d40ffa747591c45e674337da84df074fa10bb4
SHA1 hash: d4c4afd63f0b4e443c8fbfc0dadd67637b51b254
MD5 hash: 489e8a0c6e1ebd01b4c961b15a36ae4f
humanhash: carbon-chicken-mexico-fillet
File name: 489e8a0c6e1ebd01b4c961b15a36ae4f.exe
Signature: CobaltStrike
File size: 370'440 bytes
First seen: 2020-11-05 06:12:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 14511d611c61ebdd809ba81dd94028c6 (1 x CobaltStrike)
ssdeep: 6144:wtd7C+LF6gqkbLHhVKp7TZfUnBtoh76DcvH4SE:Wj3q8ta1fKnooc/k
Threatray: 627 similar samples on MalwareBazaar
TLSH: 17745A16B2954CF8E472833C88928585E772BC450760DEFF2390977A9F336909D7EB62
Reporter: abuse_ch
Tags: CobaltStrike exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  DNS request
  Sending a custom TCP request
  Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature:
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file
  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour:
Behavior Graph:

Threat name: Win64.Trojan.Bazaloader
Status: Malicious
First seen: 2020-10-29 00:36:04 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour:
  Cobaltstrike
Malware Config
C2 Extraction:
  http://mn.idrivehepler.com:443/nl
  http://nm.idrivehepler.com:443/nl
  http://an.idrivehepler.com:443/RELEASE

Unpacked files
SHA256 hash: 15305978d7c42e26d908feca9aed4efa3df89ae6524ecce10752a2ee3cdf813f
MD5 hash: 489e8a0c6e1ebd01b4c961b15a36ae4f
SHA1 hash: d4c4afd63f0b4e443c8fbfc0dadd67637b51b254

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments