MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18a44e52d98237aae86d2bc2050ccf4438514faf866812c1268d62356c19d6a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18a44e52d98237aae86d2bc2050ccf4438514faf866812c1268d62356c19d6a9
SHA3-384 hash: c5d7c87cfe58b9cc6a9f4f5b9840f22b5f0d7347d7b41492b86bf93dd143451ca032b04a4fe5fba45727f8aa73251641
SHA1 hash: c49a07cd01890c981933ba8f71ac4a739418c498
MD5 hash: 59f0ec0adf69728a1cbf70b5837485ef
humanhash: iowa-video-purple-winner
File name:59f0ec0adf69728a1cbf70b5837485ef.dll
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:15'886 bytes
First seen:2021-06-20 07:38:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 18b8ca59e0dde52b50f46aacc686771a (1 x CobaltStrike)
ssdeep 192:CxKnn9A3Qo/AF/mvVi9bPikGJOG0egoiY958b5TABxKA/N8:KIn9SQh8vVSKNJO5YxKA/+
Threatray 81 similar samples on MalwareBazaar
TLSH DA62F60EEBA394FAC449D17491FF4731A4F9B93208B5992E32ACD3354F286D1973E906
Reporter abuse_ch
Tags:CobaltStrike dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
589
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
59f0ec0adf69728a1cbf70b5837485ef.dll
Verdict:
No threats detected
Analysis date:
2021-06-20 07:39:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8f59d673-4ce2-4940-b7e7-62fa368d31e7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/167149/
Detection(s):
Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ec7383d4-3f0c-4673-95b1-d35e317c3496
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/804867
Signature
Multi AV Scanner detection for submitted file
Sigma detected: CobaltStrike Load by Rundll32
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 437278 Sample: uNh5bTbDTa.dll Startdate: 20/06/2021 Architecture: WINDOWS Score: 64 34 Multi AV Scanner detection for submitted file 2->34 36 Sigma detected: CobaltStrike Load by Rundll32 2->36 7 loaddll64.exe 1 2->7         started        process3 process4 9 rundll32.exe 6 7->9         started        13 iexplore.exe 2 84 7->13         started        15 cmd.exe 1 7->15         started        17 5 other processes 7->17 dnsIp5 32 194.135.90.221, 443 RACKRAYUABRakrejusLT Lithuania 9->32 38 System process connects to network (likely due to code injection or exploit) 9->38 19 WerFault.exe 20 9 9->19         started        21 iexplore.exe 5 152 13->21         started        24 rundll32.exe 15->24         started        signatures6 process7 dnsIp8 26 prod.appnexus.map.fastly.net 151.101.1.108, 443, 49746, 49747 FASTLYUS United States 21->26 28 tls13.taboola.map.fastly.net 151.101.1.44, 443, 49743, 49744 FASTLYUS United States 21->28 30 11 other IPs or domains 21->30
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/18a44e52d98237aae86d2bc2050ccf4438514faf866812c1268d62356c19d6a9/
Threat name:
Win64.PUA.CobaltStrikeArtifact
Create hunting rule
Status:
Malicious
First seen:
2021-05-12 06:24:54 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dcse4uwzqi32v2dnfpbakdgpiq4fct5pqzubfqjgrvrdk3az22uq._file
Verdict:
unknown
Similar samples:
03729ae2db20f485c0b83fbf36d2a22d629137deb2032bf972132db9f2805882
CobaltStrike
080ef9f0362e415d3292125aa97d460f0499b6bec9596e2e580aef1fd7576e07
CobaltStrike
2e2beb994ca6cc63e56fca1620329e5baee70d9db90b5e7a4940dd2886c5e3f3
CobaltStrike
49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a
CobaltStrike
68081a431396a2876a1f57b55ebfc2bfb762abcc4feb5d29e9b0415ef415d10e
CobaltStrike
7e8a4bbdc12c7caefb486b28be1eebf0e35a8ad5f745aae17abbe7f40aff661f
CobaltStrike
8360faeed3c802fbd78d0f31b14c5b3cdbf01edca8fdc486994d2cc1c2cd70a4
CobaltStrike
8b681d031297cba8158e0d245cc422f2c59151ec1c7639056c1d9c75f377c792
CobaltStrike
d2eee2fa771e54c1a44cfc4d40eef50be4776a25987b72633f7b91faf2302092
CobaltStrike
d5eb97a976f21c390d17f818f03e5ae95d52c2db00bcb714a9fe6ae2e3ae5581
CobaltStrike
+ 71 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210620-v9v8c15xks/
Unpacked files
SH256 hash:
18a44e52d98237aae86d2bc2050ccf4438514faf866812c1268d62356c19d6a9
MD5 hash:
59f0ec0adf69728a1cbf70b5837485ef
SHA1 hash:
c49a07cd01890c981933ba8f71ac4a739418c498
Link:
https://www.unpac.me/results/de73b8a3-e1f3-4470-80c2-9e89a8683bdc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/18a44e52d98237aae86d2bc2050ccf4438514faf866812c1268d62356c19d6a9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/167149/

Comments