MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f
SHA3-384 hash:	6af99811ae0d37d172cdeb046bce94d46b4bc13cf232b07c78468d79eb147c3008ae92226217b8b68cc2a905119278e7
SHA1 hash:	c3e206b0babe20ffd9663a4e28272ef6c24bab8a
MD5 hash:	3a11f98d3d4fb8df67c97dc1bd06ff2e
humanhash:	asparagus-lemon-orange-iowa
File name:	abbb.dll
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	389'264 bytes
First seen:	2021-07-20 02:18:08 UTC
Last seen:	2021-07-20 06:07:25 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b9096259d2afac167634d3bd1abea961 (1 x CobaltStrike)
ssdeep	6144:20mFPYOfTRbxLcXBf0PgrlIWmaSN24y+mIck5JkEbcrOYQpu3GP8r40k0akKf:xYP7RbxLa0T3k2c4Jxcrtdx5k0ab
Threatray	979 similar samples on MalwareBazaar
TLSH	T10484F1A7B1E004BBE076D234C8A30916EB7278411B61DF7F02A4926A1F677E15D3EB71
Reporter	Anonymous
Tags:	CobaltStrike exe MS Corporation Sofware Ltd signed

Code Signing Certificate

Organisation:	MS Corporation Sofware Ltd
Issuer:	COMODO RSA Extended Validation Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2021-05-10T00:00:00Z
Valid to:	2023-05-10T23:59:59Z
Serial number:	da49c0bacfd878b4949820e9ac0f168a
Intelligence:	3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	25c0bf5bb5656c069e324244d52b8c0a4d066a5571ed24609887c6b79a48afdd
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

2

# of downloads :

513

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

abbb.dll

Verdict:

No threats detected

Analysis date:

2021-07-20 02:19:14 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1fde2cb6-cfb7-4cf2-8df1-1bbd363c6351

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/172677/

Detection(s):

SecuriteInfo.com.generic.ml.22359.16985.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/f012644e-dc06-4cea-9568-e7ca2e291b2f

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/818622

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2021-07-15 17:17:16 UTC

File Type:

PE+ (Dll)

Extracted files:

1

AV detection:

5 of 46 (10.87%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dmi25gfyloygiwv6g2w43bjon2clkhdllsarokptygprj4znjzhq._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

25e3873adf19d7e8ba42b472322dbafdfc21d55a2119b81ad9728d6e8e2b0e7b

2bfe11c06ffe157399432080f6de6190e1062c99b4a55ec31974b5a37ee8dd3c

2cb4d628278053eba42c82d58fb894c230451ffe70d519ff79c5f1cc76f32fd9

673d8268fd21825ca5f21d8b395cdcede7009b60e540cb36c46f5794626faefb

6880a560c6cc3dd49bdc94a90dcc8dc69e55a6d842e76bb0dff0038bad6a762f

9ca6449c0586a77c55586bcc7adfaef2c3cc53da4713c5ed57fced15a3054545

cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c

cf0a85f491146002a26b01c8aff864a39a18a70c7b5c579e96deda212bfeec58

e8d4bf2dc68074adf01dc003d51de3842994ae07fa88c370e8d29f1c27d9c407

+ 969 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/210720-ghd4l5p5rx/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Cobaltstrike

Unpacked files

SH256 hash:

1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f

MD5 hash:

3a11f98d3d4fb8df67c97dc1bd06ff2e

SHA1 hash:

c3e206b0babe20ffd9663a4e28272ef6c24bab8a

Link:

https://www.unpac.me/results/3ab8b01d-fbc6-4715-b0fb-bf356e170c96/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.25

Link:

https://yomi.yoroi.company/submissions/1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/172677/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample