MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc
SHA3-384 hash: 2d5dce3794f61a1e081972399b12440b450c5bf7b86986600957e00406da212169d652cdef516a76289013ede327505c
SHA1 hash: 00d54bbcfed3248bd360c605eaf2e75bd85e4b99
MD5 hash: 007f1c18e002c1d5c8fbba68e76ab5cf
humanhash: pizza-lion-jersey-lemon
File name:284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc.bin
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:4'643'490 bytes
First seen:2021-07-28 11:21:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1f80f1cd81b94f85521db216e293a080 (1 x CobaltStrike)
ssdeep 98304:ndWaWB9X314sW/xcJQ8VdXk+OR7BYrLSFYMYmwC3H9XGbF4k9efO:aBt14xcJtrUnB+KYMYOVGbZcfO
Threatray 23 similar samples on MalwareBazaar
TLSH T1542633D4B29450F9F9A26031D865CE05A2F234572B90935B93DC42B0EFB33A5A73F7A1
dhash icon 74f4c4c6d2c4c4d4 (1 x CobaltStrike)
Reporter JAMESWT_WT
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
493
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc.bin
Verdict:
No threats detected
Analysis date:
2021-07-28 11:22:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2b11cd5f-3120-46d4-be44-bf0c5bd4c940

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174623/
Detection(s):
SecuriteInfo.com.generic.ml.11257.31003.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/e88aeb3f-0e77-46bc-8a25-b5130a5272d9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/823016
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win64.Trojan.Shelma
Create hunting rule
Status:
Malicious
First seen:
2021-07-25 15:10:13 UTC
File Type:
PE+ (Exe)
Extracted files:
281
AV detection:
9 of 28 (32.14%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
19b63b2152c3db2a234d2ffec83f8f05fce9986829352779a0a60d1c1f3bf2ae
CobaltStrike
3938467f9676ae5d8907f3b10d5f7a34257f2981165feb61fefae8b6574451bc
CobaltStrike
3d30f3e545110a115ed70bb765354c8b3a7cffa96440f0ea45ee819c71ccb8e9
CobaltStrike
44d961f8647d856ae040bf6c7797f1edee4712a1af7396776560f2aeafea6434
CobaltStrike
5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50
CobaltStrike
647445a04c0d58e00c8e81c5f7393b183953670664fd34e10ed15e13a2eac775
CobaltStrike
81429537eaee5bbddb85975b66d4726bc8f80daec6167a5d3e796ea377dd3fa6
CobaltStrike
88e7b17b889fe2b623121b8e2bba6317979bd79885536b21524e94797b3ed36c
CobaltStrike
ceba09dc5368ded2d7d5b62bd36fdecbd47aee8f3219abfd2ca32f31b0eba7b0
CobaltStrike
e463d24b09ee120b0d0b6230d24f4337a73e312a4ac7fb9a3b434ec0a805db00
CobaltStrike
+ 13 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/210728-pbrmvp6tb6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Loads dropped DLL
Cobaltstrike
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction:
http://101.37.15.184:8888/SUqD
Unpacked files
SH256 hash:
284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc
MD5 hash:
007f1c18e002c1d5c8fbba68e76ab5cf
SHA1 hash:
00d54bbcfed3248bd360c605eaf2e75bd85e4b99
Link:
https://www.unpac.me/results/43513c2d-64a9-472d-867e-5351308ca69e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/174623/

Comments