MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f
SHA3-384 hash:	7c92e4c85fb11da86652c897abfb86dec7e3ca7330237b53194fb6e0804e33d1009a983597b6398b19d2c15d067895ad
SHA1 hash:	d623c9bb721f0a30770acd6f67053f6554185ba9
MD5 hash:	7df806ff482d88dc652a634338ef616b
humanhash:	enemy-nitrogen-paris-berlin
File name:	30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	430'592 bytes
First seen:	2023-08-11 15:00:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0104663fe1ade3974a7b185f8d21896d (1 x CobaltStrike)
ssdeep	6144:z40y4KNS/BG2J0d/16U/YQ9Ikg75nV3h/HX3C0sWpGTv/+UAXKKz/:z+0/X0dt6Ugtp75//nC0JcTv/+UAp/
Threatray	5 similar samples on MalwareBazaar
TLSH	T1C894F3C6B71BECF9CBF3C076A11163353E89EAC140919E374761C7B96D35908A85ACB1
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.6% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	Anonymous
Tags:	Cobalt Strike exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

312

Origin country :

US

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f

Verdict:

No threats detected

Analysis date:

2023-08-11 15:02:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/aa5ebfb2-fef7-4e0e-a17e-15f298d9c390

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/442178/

Detection(s):

SecuriteInfo.com.Win64.TrojanX-gen.783.31656.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

DNS request

Launching the default Windows debugger (dwwin.exe)

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/64d64d30cd0e130fbfc0859e/reports/1c30b6f1-f222-4cf8-9a1f-a0017eff0e75/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/07078ff7-9269-449f-845c-654d34923a8c

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1290114

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f/

Threat name:

Win64.Backdoor.CobaltStrikeBeacon

Status:

Malicious

First seen:

2023-08-03 01:01:49 UTC

File Type:

PE+ (Dll)

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gdudlbtdsuuyweblwc6gf2qnf6fke26qnozyu3oecev6wtpsegpq._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

6eec1d354aaa981a5bd59e144dce2376dbb5b153de66b3cac6672cd83d0914c1

a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d

a9b9b041c15253ca700295888896273fd78fb7ec1b5ac84d5e984b9615c9dc4e

fd2805fcbb98043679e0ce2ccd112134a767df7010acc24c395cffd73dbc56d6

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/230811-sdwa2afh5v/

Behaviour

Program crash

Cobaltstrike

Malware Config

C2 Extraction:

http://nesanocige.us:443/files/favicon.ico

Unpacked files

SH256 hash:

30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f

MD5 hash:

7df806ff482d88dc652a634338ef616b

SHA1 hash:

d623c9bb721f0a30770acd6f67053f6554185ba9

Link:

https://www.unpac.me/results/fb4c5b97-e9ad-44c7-8d43-eaedc650c9e7/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/30e835866395/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/30e835866395298b102bb0bc62ea0d2f8aa26bd06bb38a6dc4112beb4df2219f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/442178/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample