MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b
SHA3-384 hash: e1633f7b6d1465db28a785cda0bd5d292908b634f38bc4c01de994c08574030155e9f72f1841d833684ba5fd99efb2bb
SHA1 hash: ed69606248f0e6adba8aa801584f9169ccf91e5d
MD5 hash: 0d2f95f3948eed76a8a457120343d56b
humanhash: mississippi-winter-ohio-salami
File name:46.dll
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:291'840 bytes
First seen:2022-11-25 15:15:16 UTC
Last seen:2022-11-25 15:16:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5efb552f5df8db9d307126607c1d1995 (1 x CobaltStrike)
ssdeep 6144:1yAxEXSyUWAOKleYXv9pl/eFwkVMMLbq8sbNRkkvJAhxAItayq6:0IL4AhnXv/EFTfy8sZRkpnAIta
TLSH T1D4549E021D18529EE8F7DB36C361C36136CDF06849A18728CA9FDA30C5AC63B9F695D7
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.6% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter dor0n
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
425
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
46.dll
Verdict:
No threats detected
Analysis date:
2022-11-25 15:16:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4d67e467-996e-4cfa-a242-f83cb979b41f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
CobaltStrikeBeacon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/338486/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/6380dc3324da1c12cfe1ac09/reports/769f413b-021e-45c3-8240-71d48150c472/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7b934261-df7e-4a48-af6a-0fc75f3f5cd6
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1121206
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Malicious sample detected (through community Yara rule)
Queues an APC in another process (thread injection)
Rundll32 performs DNS lookup (likely malicious behavior)
System process connects to network (likely due to code injection or exploit)
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 753923 Sample: 46.dll.dll Startdate: 25/11/2022 Architecture: WINDOWS Score: 84 28 Malicious sample detected (through community Yara rule) 2->28 30 Antivirus detection for URL or domain 2->30 32 Yara detected CobaltStrike 2->32 34 C2 URLs / IPs found in malware configuration 2->34 7 loaddll64.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        13 cmd.exe 1 7->13         started        15 rundll32.exe 7->15         started        17 conhost.exe 7->17         started        dnsIp5 24 viltaos.com 9->24 36 System process connects to network (likely due to code injection or exploit) 9->36 38 Rundll32 performs DNS lookup (likely malicious behavior) 9->38 40 Queues an APC in another process (thread injection) 9->40 19 rundll32.exe 13->19         started        26 viltaos.com 15->26 signatures6 process7 dnsIp8 22 viltaos.com 19->22
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b/
Threat name:
Win64.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2022-11-25 15:16:07 UTC
File Type:
PE+ (Dll)
AV detection:
12 of 26 (46.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=djywqxu5nhb6oym4l4qnxq5322j67mo3enypket5p5oidxzlv45q._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221125-snfy4aah7z/
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d4d90c11-84b6-4c12-b79b-ad64e75405a7
Unpacked files
SH256 hash:
1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b
MD5 hash:
0d2f95f3948eed76a8a457120343d56b
SHA1 hash:
ed69606248f0e6adba8aa801584f9169ccf91e5d
Link:
https://www.unpac.me/results/aec3f6b7-68c0-4ec7-9d8d-293a3b81ada4/
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1a71685e9d69/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.96
Link:
https://yomi.yoroi.company/submissions/1a71685e9d69c3e7619c5f20dbc3bbd693efb1db2370f5127d7f5c81df2baf3b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/338486/

Comments