MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680
SHA3-384 hash: c4a559cbb01e1c3e7fbafd27dce2774d4c9c1815037655fe80baa8cbf115233eb3bcc62d9562b77873278c76b4dc0627
SHA1 hash: bf93e3d6e7d9521bbb0adcc7cd894cb78df1efe2
MD5 hash: eb38a37b9be8b292438181acd45e848f
humanhash: zulu-thirteen-saturn-sixteen
File name:Launcher.hta
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:7'428 bytes
First seen:2023-06-09 14:10:04 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 192:oT8mq02tHpgnh5Ch4Sk85pm5wi1Nhriqru1rJ:oxkQnh5Ch4T85pQ5NhriqaP
TLSH T1C0E10478CC3C6E92465DB9807B21BD4010ED6D3B8E7DA5FCFF920450B654E4AEB32866
Reporter r3dbU7z
Tags:CobaltStrike hta powershell stager

Intelligence

File Origin
# of uploads :
1
# of downloads :
375
Origin country :
RU RU
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BV.Downloader-MA.20206.22559.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680/results/dashboard
Behaviour
BlacklistAPI detected
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/648332f6d9c56cc8fb4347c5/reports/11af95a1-55b4-4ac8-b3cc-e7095d28f8c2/overview
Verdict:
Malicious
Labled as:
PwShell.PowerSploit.A.Generic
Link:
https://www.hybrid-analysis.com/sample/2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1251980
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Encrypted powershell cmdline option found
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Very long command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 885000 Sample: Launcher.hta Startdate: 09/06/2023 Architecture: WINDOWS Score: 80 21 Multi AV Scanner detection for domain / URL 2->21 23 Antivirus detection for URL or domain 2->23 25 Antivirus / Scanner detection for submitted sample 2->25 27 Multi AV Scanner detection for submitted file 2->27 8 mshta.exe 1 2->8         started        process3 signatures4 29 Very long command line found 8->29 11 cmd.exe 1 8->11         started        process5 signatures6 31 Very long command line found 11->31 14 powershell.exe 14 11->14         started        17 conhost.exe 11->17         started        process7 signatures8 33 Very long command line found 14->33 35 Encrypted powershell cmdline option found 14->35 19 powershell.exe 7 14->19         started        process9
Detection:
cobaltstrike
Create hunting rule
Link:
https://mwdb.cert.pl/sample/2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680/
Threat name:
Script-PowerShell.Hacktool.PowerSploit
Create hunting rule
Status:
Malicious
First seen:
2023-06-09 14:11:04 UTC
File Type:
Text (Batch)
AV detection:
19 of 37 (51.35%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=frud2ejnkkfwhx5kp3qbidxlysla7zh22yuszfcw6l53jurwi2aa._file
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:metasploit backdoor trojan
Link:
https://tria.ge/reports/230609-rg9gdsdb5s/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
MetaSploit
Malware Config
C2 Extraction:
51.79.49.174:443
Malware family:
Unicorn
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2c683d112d52/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:QbotStuff
Create hunting rule
Author:anonymous

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

HTML Application (hta) hta 2c683d112d528b63dfaa7ee0140eebc4960fe4fad6292c9456f2fbb4d2364680

(this sample)

  
Delivery method
Distributed via web download

Comments