MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 15


Intelligence 15 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e
SHA3-384 hash: 3eabfde065746cdcf2ab60b3870e708de969d7c86aae751d21b30fb9ac745f58c50e5537e1fbe970e7e5913c9feb7f03
SHA1 hash: 45c30e29bffcd84be139467680ce6689efa10308
MD5 hash: 2530d7848475ea20584e4d5998fec927
humanhash: friend-connecticut-emma-double
File name:devicelearn.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:1'038'888 bytes
First seen:2026-02-28 04:58:03 UTC
Last seen:2026-02-28 05:31:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f9f05b8972c1df9fd64d5922fa4b9a36 (1 x CobaltStrike)
ssdeep 24576:RJ7kEmhFr0bLAQOqolEoZNvS69JBcWk3xfRR:Dk7huBOqoi4qqcW4xf/
Threatray 5 similar samples on MalwareBazaar
TLSH T1A725B07BF69284BCC2CBC1B87782DAE5A871BC180130715E42D5A5527F5BC202FEE6E5
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter Ling
Tags:CobaltStrike exe Trojan:Win64/TurtleLoader!rfn TurtleLoader


Avatar
CNGaoLing
Trojan:Win64/TurtleLoader!rfn (Microsoft Defender)

CobaltStrike

Intelligence

File Origin
# of uploads :
2
# of downloads :
159
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
cobaltstrike
Create hunting rule
ID:
1
File name:
1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e.exe
Verdict:
Malicious activity
Analysis date:
2026-02-27 12:42:57 UTC
Tags:
cobaltstrike backdoor
Link:
https://app.any.run/tasks/4c4cb5d8-3120-4489-98e2-37866d78c8c6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
CobaltStrikeStager
Create hunting rule
Link:
https://www.capesandbox.com/analysis/54966/
Detection(s):
SecuriteInfo.com.W32.PossibleThreat.27350.30616.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a19150c950ab5d9ab219d6
Tags:
cobalt emotet
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug base64 mingw nim overlay packed unsafe
Link:
https://www.filescan.io/uploads/69a275e79eaae84659408547/reports/5b973d60-78bf-4af2-841b-3f9d2ee0bc9c/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e
Verdict:
Malicious
File Type:
exe x64
Detections:
Trojan.Win32.Shelm.a HEUR:Trojan.Win32.Generic Trojan.Win64.Shlem.rlb Trojan.Win64.Shlem.sb Trojan.Win64.Shelm.sb
Link:
https://opentip.kaspersky.com/1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d1a58d4f-0d88-46fc-a165-266ff49d5a32
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/2530d7848475ea20584e4d5998fec927
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e/
Verdict:
Malicious
Threat:
Family.COBALTSTRIKE
Link:
https://tip.neiki.dev/file/1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e
Threat name:
Win64.Trojan.TurtleLoader
Create hunting rule
Status:
Malicious
First seen:
2026-02-27 12:43:12 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dlhcyscxhktcx4gpewfsepkf47gjw3rbwra72lxi3e5ipz6pb6pa._file
Verdict:
malicious
Label(s):
metasploit
Create hunting rule
Similar samples:
1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e
CobaltStrike
cef6e5b7af99de184e7bcaa3a1cbda8b74430f0991b0fec208e8465cd6557c9a
CobaltStrike
error
CobaltStrike
ff6cf1ec90b5ee387d12dbd0d9f27d29fd8a72a306345076cffd29bb93c09f34
CobaltStrike
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/260228-flypxab14d/
Behaviour
Cobaltstrike
Cobaltstrike family
Malware Config
C2 Extraction:
http://192.168.158.128:80/jquery-3.3.2.slim.min.js
Unpacked files
SH256 hash:
1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e
MD5 hash:
2530d7848475ea20584e4d5998fec927
SHA1 hash:
45c30e29bffcd84be139467680ce6689efa10308
Link:
https://www.unpac.me/results/52a4804a-3536-408d-a7b8-8ba94651c1d1/
Malware family:
Metasploit
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1ace2c48573a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.48
Link:
https://yomi.yoroi.company/submissions/1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 1ace2c48573aa62bf0cf258b223d45e7cc9b6e21b441fd2ee8d93a87e7cf0f9e

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/54966/

Comments