MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cobalt Strike

Vendor detections: 18

Intelligence 18 IOCs YARA 2 File information Comments

SHA256 hash:	316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4
SHA3-384 hash:	bd5c3ee25e98d10c1b93777d2f604bdb833f83030ea4f851c81f3dc0057ea3af5dc90f7c829c65e02f13ad9d40c7c91f
SHA1 hash:	0793abb9e6c80fb8b8e830ab68b62e2189f49fba
MD5 hash:	06267383790ba82f36a5da8614296f8e
humanhash:	venus-emma-spaghetti-ten
File name:	关于春节假日调休通知.exe
Download:	download sample
Signature	Cobalt Strike Create hunting rule
File size:	65'543 bytes
First seen:	2026-01-08 02:06:03 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	da36125deb24d606380bce8191d29e62 (1 x CobaltStrike, 1 x Cobalt Strike)
ssdeep	768:HQmE7O7UotFrxjmaWtItE+im6gvqWddoCWmQuD+rPdlxPoqQd+7tLVT:wBzofFjmKim6+qWddo5lHJoqQd+7fT
Threatray	3 similar samples on MalwareBazaar
TLSH	T1F5533FD53AD95CC6EF00627D51EA9336263CFAD0CA835B1B663076321E12FD13ED621A
TrID	44.4% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	Ling
Tags:	Cobalt Strike exe Malgent Trojan:Win64/Malgent!MSR

CNGaoLing

This sample has been reviewed by Microsoft researchers and determined to be malware. (Trojan:Win64/Malgent!MSR)

Intelligence

File Origin

# of uploads :

# of downloads :

129

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

cobaltstrike

ID:

File name:

å³äºæ¥èåæ¥è°ä¼éç¥.exe

Verdict:

Malicious activity

Analysis date:

2026-01-08 02:06:37 UTC

Tags:

cobaltstrike

Link:

https://app.any.run/tasks/05696853-5440-466c-ab9c-10b724098a15

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeStager

Link:

https://www.capesandbox.com/analysis/48130/

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=695f112b9922425f92fe942d

Tags:

cobaltstrike cobalt

Result

Verdict:

Clean

Maliciousness:

Behaviour

Connection attempt

DNS request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug overlay packed

Link:

https://www.filescan.io/uploads/695f112787e75cdd5af7ed56/reports/a85c2768-f227-4778-af77-bedb5f2418a4/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-01-07T14:39:00Z UTC

Last seen:

2026-01-09T03:24:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan.Win64.Shelma.a HEUR:Trojan.Win32.Generic

Link:

https://opentip.kaspersky.com/316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d3dadd65-d3ab-4f9b-b257-5d5a6491c2d7

Score:

74%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/06267383790ba82f36a5da8614296f8e

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4/

Verdict:

Malicious

Threat:

Family.COBALTSTRIKE

Link:

https://tip.neiki.dev/file/316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

Threat name:

Win64.Backdoor.Cobeacon

Status:

Suspicious

First seen:

2026-01-08 02:10:23 UTC

File Type:

PE+ (Exe)

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gfvq5vmy2bmhuvtsedvi3ldzrduqlcclxzoy5et6dub3bvfm22sa._file

Verdict:

malicious

Label(s):

metasploit

cobaltstrike

Cobalt Strike

316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

Cobalt Strike

error

Cobalt Strike

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/260108-cjm9lscx3a/

Behaviour

Cobaltstrike

Cobaltstrike family

Malware Config

C2 Extraction:

http://121.41.108.109:10010/SWfM

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/757e268f-cecc-4df7-a1bd-916ab399c600

Unpacked files

SH256 hash:

316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

MD5 hash:

06267383790ba82f36a5da8614296f8e

SHA1 hash:

0793abb9e6c80fb8b8e830ab68b62e2189f49fba

Link:

https://www.unpac.me/results/1348df8c-ba90-4342-83cc-386ba5ebdb67/

Malware family:

Metasploit

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/316b0ed598d0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Pay2Key

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Cobalt Strike

exe 316b0ed598d0587a567220ea8dac7988e905884bbe5d8e927e1d03b0d4acd6a4

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/48130/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample