MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22
SHA3-384 hash:	440f5e0787307484bc4bbd32ca56e61759f9bcfcd2df31130deecaa45ff81807cef972f72523b325548d299a1b2d67ea
SHA1 hash:	3fa9e88a93db654224725d8e38ad43b18b5733be
MD5 hash:	4545e8256fb38c2c9755413f7079514b
humanhash:	uranus-coffee-floor-happy
File name:	203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	284'672 bytes
First seen:	2020-08-31 13:08:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep	6144:RR7blAoF/VtbO4Z6Fix+4jsfgZHAKjsBqnFSQ:RQ0bZ65ksn
Threatray	79 similar samples on MalwareBazaar
TLSH	6F54C0D42970FBABEAFA5B3C05759A26EB9C7252D52E037988EF8331012F7581471E07
Reporter	JAMESWT_WT
Tags:	101.132.33.79 CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

85

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/53549/

Detection(s):

Win.Trojan.CobaltStrike-7899872-1

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending an HTTP GET request

Sending a UDP request

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/455483

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to inject threads in other processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22/

Threat name:

Win32.Trojan.Cobalt

Status:

Malicious

First seen:

2020-08-09 22:53:00 UTC

File Type:

PE (Exe)

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ea7xko2oqhsjer7wfq7vtztujzvxwoykhgpl44iywd6mepdox4ra._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

2bce6eb2839569ba077e24468259aa2678677275c632a0d276dcb14566cc6fcf

39d7474b63ada6e1a6d60bf32680e06a5265f88439942a37f8be3f668b78c2b2

888750cee6858ec2c6131628caa562be26b1c65ecaeff4addcbf73a456c99517

951cf534559a88818ccf0aa18e0b771a9e8159f40ecba9c58ceb5ba720859af8

a0bf02f7dd4044543ecaf4df5b150e945ac719f0a9899ffafd11f641de1acf2b

ab1da8377cc00a708cb0430c6c1ab1963a3a6866534b1b515c409925d660ae56

c116950f9ffd9a40a5b2d139311118bbbde55e751d5c2af99814a801f6236be2

d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5

f15491b940bdf60bc4e906b0c333ea3f7a7f38079a906b80a212901eb5ce0152

fde61e7e31794b93f99bc6e1a99c64debde2e6f982e7f385a7a6b1be41feb14c

+ 69 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

trojan backdoor family:cobaltstrike

Link:

https://tria.ge/reports/200831-9nbe9xd6rj/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://101.132.33.79:4527/jquery-3.3.1.min.js

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/53549/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample