MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2
SHA3-384 hash:	b0580c511c91ca478ccc378c940c3d62f18a0cd82c9b00309bee38694155ef8db1f9841ab8d9e069f90e64122081f19e
SHA1 hash:	39d302555f302f786fbd18c75b075ffd3ff93efa
MD5 hash:	55a82e60c6e849a0edd34febbfebcd18
humanhash:	emma-bulldog-crazy-zebra
File name:	481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	291'992 bytes
First seen:	2021-05-31 11:19:25 UTC
Last seen:	2021-05-31 12:17:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	3d00a5aa14ca9bec3e1ea153cbdef791 (4 x CobaltStrike)
ssdeep	6144:6Y+jAJz/ky2g4AQshXDhza2EGJo1f0O22w82U1cRtb:6Y+j2bt4ApdaVvTf2bb
Threatray	846 similar samples on MalwareBazaar
TLSH	DB549EC1AFF1FEC5D96364B7668E931379D2747CDF2369090AEA83076581C8A2B0DE11
Reporter	JAMESWT_WT
Tags:	1.A Connect GmbH CobaltStrike exe

Code Signing Certificate

Organisation:	1.A Connect GmbH
Issuer:	COMODO RSA Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2018-08-13T00:00:00Z
Valid to:	2022-08-13T23:59:59Z
Serial number:	a7e4ded4bf949d15aa4201843f1ab64d
Intelligence:	30 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:	This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:	SHA256
Thumbprint:	d519622e7d1eab2c240860d38779704319f1349cc57ab8c3d51d9f56145b582f
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

164

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2.bin

Verdict:

No threats detected

Analysis date:

2021-05-31 11:25:12 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/98e2c512-9a3e-428f-9b99-1f487869bad4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/163453/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46116534.13008.1270.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/794697

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2021-04-17 10:05:36 UTC

File Type:

PE+ (Exe)

AV detection:

26 of 45 (57.78%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

0ec8d01e78f2157589701925ec97ada690046fa17ca65a0db766d96533529aab

CobaltStrike

1c8de01df040c973b37ae5ce8e1bb523e1ba24a9c25263706022f9a9894a2e50

CobaltStrike

79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032

CobaltStrike

7d44007cdcfe063f3c1d38e29764e1b14ab2bbcea4cd90db04bdc8fa0c86b9aa

CobaltStrike

9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a

CobaltStrike

9d0cc73772d79a0561d03db4e6aca9fad9b125afbbc7f2b4f7f3df25eeed56a0

CobaltStrike

a93eb70cc4152e32cd3a39fda968b2da5ade48453927410a0d520f2d13223d11

CobaltStrike

cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c

CobaltStrike

ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b

CobaltStrike

+ 836 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:1359593325 backdoor trojan

Link:

https://tria.ge/reports/210531-6l5sxps2hj/

Behaviour

Modifies system certificate store

Cobaltstrike

Malware Config

C2 Extraction:

http://221.229.203.230:443/web/v3/static/js/html5shiv-21fc8c2ba8.js
http://182.140.143.251:443/web/v3/static/js/html5shiv-21fc8c2ba8.js
http://219.147.82.254:443/web/v3/static/js/html5shiv-21fc8c2ba8.js
http://223.111.255.252:443/web/v3/static/js/html5shiv-21fc8c2ba8.js

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/163453/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample