MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c
SHA3-384 hash:	b76b4dfcb84bbcf338bdbf70bda2f5d728aacdec35384f0a15a72c0fdbc7ac61af0de0b76ca2097fcd86926d9d99e58e
SHA1 hash:	abd30641e2edaed6da1342b1f740ac2dc5a5c897
MD5 hash:	3eb430d83889ab79411a04fb904b7e1f
humanhash:	summer-robert-utah-cat
File name:	2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	288'256 bytes
First seen:	2020-09-08 14:52:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep	3072:nCEhkXIDF0k4/wy7mgjVKjnJnQVqDz92AgWP/wzKWIs5oMqAgJQzwzGVk2KWqK6A:nCEkYDFT4/VPjkoSqFgYwz366qPLOS
TLSH	FF54AE0AABBAC4F3D59658F5DE8C3770D82448058D31BFB208E9C55D28D2967FB3948B
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Intelligence

File Origin

# of uploads :

# of downloads :

125

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57953/

Detection(s):

Win.Trojan.CobaltStrike-9044898-1

Win.Trojan.CobaltStrike-7899871-1

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c/

Threat name:

Win64.PUA.CobaltStrikeArtifact

Status:

Malicious

First seen:

2020-09-02 12:29:48 UTC

File Type:

PE+ (Exe)

AV detection:

25 of 29 (86.21%)

Threat level:

1/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fr27zmmyhkd6pbxmorncbxzpfziiykknuqhjk3qmiz4gabisbjwa._file

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

trojan backdoor family:cobaltstrike

Link:

https://tria.ge/reports/200908-1excxyl42n/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://masdariotalliance.com:443/user--host/user--hostname-service.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

CobaltStrike

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/57953/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample