MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 6



SHA256 hash: 3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443
SHA3-384 hash: 37826ae0c5f1057fa578915b9fdef71ba1940b8a74dd2e5decf019d7d02d4b2153829d8b2ad0eca096b6cb32eeaec7d6
SHA1 hash: 506ee5fd0365f20a8022187004a169edb70f45b3
MD5 hash: a3cad4f0caf2af2d2dd31aa6ea1b1af4
humanhash: bakerloo-early-eighteen-robert
File name: index.dll
Signature: CobaltStrike
File size: 413'184 bytes
First seen: 2020-07-21 08:41:39 UTC
Last seen: 2020-07-21 11:44:06 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 336a79477e6c3dc5c3e10256c7261509 (3 x CobaltStrike)
ssdeep: 12288:tqsRv/JXAz/JjGqGFSxwq5PbhbyfPqzUOZPB:fRvxwU9sOkbhEPqzLd
Threatray: 2'659 similar samples on MalwareBazaar
TLSH: A994E067B2A654BBD0228275C1E30106F376BC511B65CBEF036446AB5F273909EBEB31
Reporter: abuse_ch
Tags: CobaltStrike dll


abuse_ch
Malspam distributing unidentified malware:

HELO: s99.radiancetech.net
Sending IP: 210.193.49.209
From: Connor Bucklin <lsme@lsme.com.sg>
Subject: Connor from Ensilica Limited
Attachment: Products_data_20200772.xls

Unknown payload URL:
http://51.77.103.125/api.php
http://104.243.34.50/index.dll

Unknown C2s:

Intelligence


File Origin
# of uploads: 3
# of downloads: 108
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100

Behaviour
Behavior Graph:
Behavior Graph ID: 248771; Sample: index.dll; Startdate: 21/07/2020; Architecture: WINDOWS; Score: 48
Signature: Multi AV Scanner detection for submitted file
Process chain: loaddll64.exe -> cmd.exe, regsvr32.exe; cmd.exe -> iexplore.exe -> iexplore.exe
Network: edge.gycpi.b.yahoodns.net 87.248.118.22:443 (YAHOO-DEBDE, United Kingdom); pagead.l.doubleclick.net 172.217.16.162:443 (GOOGLEUS, United States); 19 other IPs or domains
Threat name: Win64.Trojan.TrickBot
Status: Malicious
First seen: 2020-07-21 07:02:00 UTC
File Type: PE+ (Dll)
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: CobaltStrike
File: Executable exe 3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443 (this sample)
