MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 452363ce4a4695a985d5a6200de2b43692f7e0d4df11f0b30b42fc78a0cc9440. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	452363ce4a4695a985d5a6200de2b43692f7e0d4df11f0b30b42fc78a0cc9440
SHA3-384 hash:	4864a7de9effa7f935312a832f966a1b9e8538eac103ebe8bfd1c99ca87b1de2cb60c7969bfd5779359a3729c86940c2
SHA1 hash:	e2a2973277f10f806c9138b75aaec71789c35438
MD5 hash:	5fbb46a2069e2da96f5e7c944ef583ce
humanhash:	xray-robin-tennis-lake
File name:	123.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	99'328 bytes
First seen:	2021-03-27 14:23:02 UTC
Last seen:	2021-03-27 15:30:27 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	aec943e1c3eeb601800fc3fd1d6b7332 (1 x CobaltStrike)
ssdeep	1536:3O6ifh71I8C/S2mBjLrv+9oRAJFmdD8kvWWVcc6r1hNVomPC2ieW:+6iJBjfBzm/JF0IYpScotK2i/
Threatray	641 similar samples on MalwareBazaar
TLSH	B2A31B2F729250BCC11BC23C47DBAAB2E9B5B86507307A6E1440F7352FA5C816B7DE25
Reporter	vm001cn
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

700

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

123.exe

Verdict:

No threats detected

Analysis date:

2021-03-27 14:26:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e48a57c9-e157-45f7-a15d-dc0da2e8523c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/127266/

Detection(s):

SecuriteInfo.com.BackDoor.Meterpreter.157.10477.4213.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending an HTTP GET request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

BazarLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/25d34d71-215f-400b-877a-d378e773990c

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/655864

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/452363ce4a4695a985d5a6200de2b43692f7e0d4df11f0b30b42fc78a0cc9440/

Threat name:

Win64.Backdoor.Meterpreter

Status:

Malicious

First seen:

2021-03-26 16:21:27 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=iurwhtski2k2tbovuyqa3yvug2jppygu34i7bmylil6hrigmsraa._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

03729ae2db20f485c0b83fbf36d2a22d629137deb2032bf972132db9f2805882

132bdcb986e3e3b9599b5b293b3318e7c630495e87a9d1fa02287ae80f9e652f

6cf0a44011ec1e1a891d7d06357c4687634e42d65a3eecfe9180e608b5d6e150

84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252

8fabea95cbfe1da521dfcd7880ec3301a3a32175741680d8c1a8acacc0199eb7

a93eb70cc4152e32cd3a39fda968b2da5ade48453927410a0d520f2d13223d11

cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c

d03b1d500e960377df77a72c5074b4c56b29f938f48ecd03ac846b38d3c914d3

dbafbe9edfdac67a781756a6970a7341fd5401b0914fff7e3e8136cff0426fc5

f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d

+ 631 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/210327-jqcy34t3je/

Behaviour

Cobaltstrike

Unpacked files

SH256 hash:

452363ce4a4695a985d5a6200de2b43692f7e0d4df11f0b30b42fc78a0cc9440

MD5 hash:

5fbb46a2069e2da96f5e7c944ef583ce

SHA1 hash:

e2a2973277f10f806c9138b75aaec71789c35438

Link:

https://www.unpac.me/results/397ed22b-00a4-41f5-a6db-0a80161e7db0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/452363ce4a4695a985d5a6200de2b43692f7e0d4df11f0b30b42fc78a0cc9440

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/127266/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample