MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2982b2da67e7c38952e2db5007c3f829328da458f7a90e9b3eb789598ccce6ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	2982b2da67e7c38952e2db5007c3f829328da458f7a90e9b3eb789598ccce6ac
SHA3-384 hash:	f673c3de303138876c6779193bc5d79ecd92f0337d845e3c876783d62149eda62e0326f52bfc5a30ba87f21f94d263ea
SHA1 hash:	bb011fcfd885dbc25008623af23e5948a39bfa6b
MD5 hash:	f54791d926b002bba2e5d18b703d1c92
humanhash:	arkansas-cup-mexico-georgia
File name:	Project1.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	98'816 bytes
First seen:	2021-09-04 09:19:41 UTC
Last seen:	2021-09-04 10:16:38 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d056dd049dc0647771637236e4e5dcf7 (1 x CobaltStrike)
ssdeep	1536:g7IDyiy6TjElCtDZp5/4ASs55At+6g3SQqjsWwd09dlVLdhHEfj:g7IDhyaj9t9pX93W+6DQ1Mbdh
Threatray	198 similar samples on MalwareBazaar
TLSH	T1B2A35B9777A530F9E1B2423988A11A09E772F83216A1CF6F03A406561F273D19E3EF71
Reporter	JAMESWT_WT
Tags:	1.14.66.81 CobaltStrike exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

641

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

Project1.exe

Verdict:

No threats detected

Analysis date:

2021-09-04 09:22:00 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/dcada94a-e872-4c20-b7b5-20471e0cc620

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/185273/

Detection(s):

SecuriteInfo.com.DeepScan.Generic.Exploit.Shellcode.2.6739903D.13927.9716.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Connection attempt

Sending an HTTP GET request

Launching the default Windows debugger (dwwin.exe)

Sending a UDP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b6fdbfee-2b50-48e0-abd5-5d8cc66f1a3f

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/845202

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2982b2da67e7c38952e2db5007c3f829328da458f7a90e9b3eb789598ccce6ac/

Threat name:

Win64.Backdoor.Meterpreter

Status:

Malicious

First seen:

2021-08-06 00:36:03 UTC

File Type:

PE+ (Exe)

Extracted files:

1

AV detection:

20 of 43 (46.51%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

118ed2b8b1f173f80cf2efd988170d78b876e0af02a10868b4d61aa01bedf1d3

21997a8180c9d1add6f4b7eb35d754d9a15acc614cdb5b11078eb5da661d9d3e

284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc

5ebd9eba9fe6c84809d5917da7be37a70e3c6579b5c14bbad37be8b35f2d67f4

6bbabed7b0f11e304b0cb97013c9095d51fa330aee3a966b5626088e92a0dfeb

bd50fceeb89d220f6710030d3aacbc2427c5796d9b7f3dee8a362f4e7d4113ef

c380f48e3d649b6a44b05134108a8c79536f289240e9ed9135e35dadffb6c350

cc74f7e82eb33a14ffdea343a8975d8a81be151ffcb753cb3f3be10242c8a252

d54b73a94d481ee2917e42ba3d4ea3b70f368bb13cebf5b8824257907ac84ff1

e5fa7e3d66f99d172d3eba7af15276e7eb1958748832b8965b9eedba4cbfc90c

+ 188 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/210904-las8yaeah7/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Program crash

Cobaltstrike

Suspicious use of NtCreateProcessExOtherParentProcess

Malware Config

C2 Extraction:

http://1.14.66.81:80/9cxI

Unpacked files

SH256 hash:

2982b2da67e7c38952e2db5007c3f829328da458f7a90e9b3eb789598ccce6ac

MD5 hash:

f54791d926b002bba2e5d18b703d1c92

SHA1 hash:

bb011fcfd885dbc25008623af23e5948a39bfa6b

Link:

https://www.unpac.me/results/2b9adb7b-8620-439e-8ee3-37fb32d1f9d4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2982b2da67e7c38952e2db5007c3f829328da458f7a90e9b3eb789598ccce6ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/185273/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample