MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42258760b5fdc3fdfd56bff7762b783d4bd343a4b72446959fe663acb2ca3342. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 6

SHA256 hash: 42258760b5fdc3fdfd56bff7762b783d4bd343a4b72446959fe663acb2ca3342
SHA3-384 hash: 0f74347bab6a0f410eac36fb8343a206a65c6ab24bbeaf4c11dce5d64680878ceb580a9db9b9d5c1327a6c52ab6153bd
SHA1 hash: 5f48135d0a14a24f8d1c5c442104dfa48d7db152
MD5 hash: e26fc89c2930b1176b3860593d21e96a
humanhash: winner-xray-enemy-salami
File name: 42258760b5fdc3fdfd56bff7762b783d4bd343a4b72446959fe663acb2ca3342
Signature: CobaltStrike
File size: 1'816'568 bytes
First seen: 2021-09-15 11:50:23 UTC
Last seen: 2021-09-15 13:19:05 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: a02594a00236605e5080c5d6c48bf19a (1 x CobaltStrike)
ssdeep: 24576:MOqSsqOwvyUyaM6HfCLSWm6oGHL0WxVdf7jQw7hoXRVIhLeXDEQ/5Xsekn:vqSdvlyaM6HfCLSWpHbdV7hohVgwprk
Threatray: 296 similar samples on MalwareBazaar
TLSH: T1D7859D117796C876E5AE0131252CE76E5678BBA10FB1C1CFE3D46FA929705C24A32F23
dhash icon: e07070646666b012 (1 x CobaltStrike)
Reporter: JAMESWT_WT
Tags: CobaltStrike dll Hartex LLC signed

Code Signing Certificate

Organisation: Hartex LLC
Issuer: Sectigo Public Code Signing CA R36
Algorithm: sha384WithRSAEncryption
Valid from: 2021-06-04T00:00:00Z
Valid to: 2022-06-04T23:59:59Z
Serial number: 9b576882ccdb891fd6e4a66671f3ac71
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: ac50a5d91a71ba8447ee795ff966e625aec004e49eb24adaa366b988686b65a5
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 535
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Threat name: CobaltStrike Metasploit
Detection: malicious
Classification: troj.evad
Score: 72 / 100
Signature:
  Malicious sample detected (through community Yara rule)
  System process connects to network (likely due to code injection or exploit)
  Yara detected CobaltStrike
  Yara detected Metasploit Payload
Behaviour
Behavior Graph:
Behavior Graph ID: 483809
Sample: tbYV0oDF9Y
Start date: 15/09/2021
Architecture: WINDOWS
Score: 72

Sample-level signatures:
  Malicious sample detected (through community Yara rule)
  Yara detected Metasploit Payload
  Yara detected CobaltStrike

Process tree (the DLL was run under loaddll32.exe):
  loaddll32.exe
    cmd.exe
      rundll32.exe
        -> oldboytakecar.net (185.195.25.72:443, local ports 49838, 49839; SUPERSERVERSDATACENTERRU, Russian Federation)
           System process connects to network (likely due to code injection or exploit)
    rundll32.exe
      -> oldboytakecar.net
         System process connects to network (likely due to code injection or exploit)
    iexplore.exe
      iexplore.exe
        -> edge.gycpi.b.yahoodns.net (87.248.118.22:443, local ports 49811, 49813; YAHOO-DEBDE, United Kingdom)
        -> tls13.taboola.map.fastly.net (151.101.1.44:443, local ports 49807, 49808; FASTLYUS, United States)
        -> 12 other IPs or domains
    11 other processes
      dropped: C:\Users\user\AppData\Local\Temp\vsE3CE.tmp (PE32)
      WerFault.exe (4 instances)
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of WriteProcessMemory

Unpacked files
SHA256 hash: 42258760b5fdc3fdfd56bff7762b783d4bd343a4b72446959fe663acb2ca3342
MD5 hash: e26fc89c2930b1176b3860593d21e96a
SHA1 hash: 5f48135d0a14a24f8d1c5c442104dfa48d7db152
Malware family: Cobalt Strike
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for Virus Total.
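The hashes and the sandbox behaviour above are the two things a responder actually reuses from an entry like this: the digests to confirm that a file pulled from a host is this sample, and the C2 host, IP and the rundll32.exe network activity to hunt for in telemetry. The following is an added example, not code from MalwareBazaar or from the sandbox vendors; it copies the indicators from this entry, checks a byte string against all four digests, and runs three checks over Sysmon-style events (EventID 3 network connection, EventID 22 DNS query). The event dicts are constructed to mirror the behaviour graph, and the list of "LOLBin" images that should not be making outbound TLS connections is an assumption to tune per environment.

```python
import hashlib
import ipaddress

# Indicators copied from the MalwareBazaar entry above.
ENTRY_HASHES = {
    "md5": "e26fc89c2930b1176b3860593d21e96a",
    "sha1": "5f48135d0a14a24f8d1c5c442104dfa48d7db152",
    "sha256": "42258760b5fdc3fdfd56bff7762b783d4bd343a4b72446959fe663acb2ca3342",
    "sha3_384": "0f74347bab6a0f410eac36fb8343a206a65c6ab24bbeaf4c11dce5d64680878ceb580a9db9b9d5c1327a6c52ab6153bd",
}
C2_DOMAIN = "oldboytakecar.net"
C2_IP = "185.195.25.72"
C2_PORT = 443
# Assumption for this example: Windows binaries that should not originate
# outbound sessions to public addresses on their own (generic form of the
# sandbox's "System process connects to network" signature).
LOLBIN_NAMES = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes) -> bool:
    """True only if every digest agrees with the entry; one mismatch means a different file."""
    computed = file_hashes(data)
    return all(computed[alg] == ENTRY_HASHES[alg] for alg in ENTRY_HASHES)


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_public(ip: str) -> bool:
    """True for a routable address; False for private/reserved ranges or junk input."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def scan_events(events: list) -> list:
    """Return one (rule, image, detail) tuple per hit:
       c2_dns        - DNS query for the C2 domain from any process
       c2_ip         - connection to the C2 IP:port from any process
       lolbin_egress - connection from a LOLBin image to any public IP
    """
    hits = []
    for ev in events:
        img = image_name(ev.get("Image", ""))
        eid = ev.get("EventID")
        if eid == 22 and ev.get("QueryName", "").lower().rstrip(".") == C2_DOMAIN:
            hits.append(("c2_dns", img, ev["QueryName"]))
        elif eid == 3:
            dst = ev.get("DestinationIp", "")
            port = int(ev.get("DestinationPort", 0))
            if dst == C2_IP and port == C2_PORT:
                hits.append(("c2_ip", img, f"{dst}:{port}"))
            elif img in LOLBIN_NAMES and is_public(dst):
                hits.append(("lolbin_egress", img, f"{dst}:{port}"))
    return hits


# Constructed events modelled on the behaviour graph; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "ParentImage": r"C:\Windows\SysWOW64\cmd.exe"},
    {"EventID": 22, "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "QueryName": "oldboytakecar.net"},
    {"EventID": 3, "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "DestinationIp": "185.195.25.72", "DestinationPort": 443},
    # internal SMB from rundll32: not public, so not flagged by the generic rule
    {"EventID": 3, "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
    # browser egress seen in the sandbox: a browser is expected to talk outbound
    {"EventID": 3, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "DestinationIp": "87.248.118.22", "DestinationPort": 443},
    # constructed: another LOLBin reaching a public address (generic rule only)
    {"EventID": 3, "Image": r"C:\Windows\System32\regsvr32.exe",
     "DestinationIp": "1.1.1.1", "DestinationPort": 443},
]

if __name__ == "__main__":
    print("empty input matches entry:", matches_entry(b""))
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```

The hash check is deliberately all-or-nothing: an MD5 or SHA1 collision alone should not be enough to declare a match, and the SHA3-384 value is the one least likely to be present in other feeds, so it is worth computing. The DNS rule matches regardless of process because Cobalt Strike beacons are frequently injected into a host process that is not rundll32.exe; the IP rule is pinned to port 443 because that is the only port this entry records, so widen it if a later entry for the same infrastructure shows others.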

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments