MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2af42a2047b16f2dea0038365058a8d8b7f71152117c371ce7f593e47aa785d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 3



SHA256 hash: 2af42a2047b16f2dea0038365058a8d8b7f71152117c371ce7f593e47aa785d1
SHA3-384 hash: 1ac770f4f9dd1950c63b98aed289f96a165f256cefd545e422ef32faf5def1f5babbbfa30317ad0ad75b65375431a557
SHA1 hash: 4453bc3d52eff7e5c1d49fa6c5dc0a4c11d1dab5
MD5 hash: 77632e63cf1c449a1344f41bd016ef79
humanhash: hydrogen-nineteen-finch-vermont
File name: SecuriteInfo.com.Artemis77632E63CF1C.29409
Signature: CobaltStrike
File size: 499'200 bytes
First seen: 2020-11-12 13:46:24 UTC
Last seen: 2024-07-24 12:34:34 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 336a79477e6c3dc5c3e10256c7261509 (3 x CobaltStrike)
ssdeep: 6144:zdeCZyTN/SX6q8GL5F7+/aImJn6ZJZEcdIc8Z2t7AajbSzdnFutkyVuxh0jiAOxJ:5eFoq+vWaIkn6ZT4eUa/ShFutkVIj/
Threatray: 639 similar samples on MalwareBazaar
TLSH: FCB4029FB6A6407FE03A91B584931516E775B8560B10AB9F039802665F37BF08E7FF20
Reporter: SecuriteInfoCom
Tags: Cobalt Strike

Intelligence


File Origin
# of uploads: 3
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win64.PUA.CobaltStrikeBeacon
Status: Malicious
First seen: 2020-11-12 10:41:07 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 24 of 29 (82.76%)
Threat level: 1/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: 2af42a2047b16f2dea0038365058a8d8b7f71152117c371ce7f593e47aa785d1
MD5 hash: 77632e63cf1c449a1344f41bd016ef79
SHA1 hash: 4453bc3d52eff7e5c1d49fa6c5dc0a4c11d1dab5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 2af42a2047b16f2dea0038365058a8d8b7f71152117c371ce7f593e47aa785d1

(this sample)

  
Delivery method: Distributed via web download
