MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50961ee399fc45bdfcec9201e069417a8bd00bc38bd1707a32c65451c33a17da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	50961ee399fc45bdfcec9201e069417a8bd00bc38bd1707a32c65451c33a17da
SHA3-384 hash:	ab0dfc545adb942ad794228d3f5092083b487a5079383b96a3429d0d25325215733437d584aa1337026d3f7477bff02b
SHA1 hash:	2f0a7feac7da9c714aed0783b7f9e2f4bcf7783b
MD5 hash:	8336a6aeb41b066918c5cc7f27a4c36b
humanhash:	oranges-delaware-seventeen-sierra
File name:	gpupdate.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	44'032 bytes
First seen:	2022-06-29 07:19:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	68c9d2ac79e55fa783df8b0d47055919 (1 x CobaltStrike)
ssdeep	768:YRr2BmhNCJk2Nua3RsFTcuQwpWmTAmXQdttG3yEpF9GbwvJ2lg:xBmWJkEua3y6w4mTAmXarkPvUS
Threatray	1'813 similar samples on MalwareBazaar
TLSH	T16A135C4EAB9744ECC71BD5B041EB9772A876FC2205319EBF7B68DA351F21E40D729220
TrID	43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 27.6% (.EXE) Win64 Executable (generic) (10523/12/4) 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) OS/2 Executable (generic) (2029/13) 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	JAMESWT_WT
Tags:	CobaltStrike exe follina

Intelligence

File Origin

# of uploads :

1

# of downloads :

709

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/284112/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a file

DNS request

Sending a custom TCP request

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/22829/overview

Behaviour

MalwareBazaar

SystemUptime

EvasionGetTickCount

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug explorer.exe rozena shelma

Link:

https://www.filescan.io/uploads/62bbfd25197c837506cfcb3c/reports/8476762d-3244-4def-ba68-a803a15e147d/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/bf25e876-4f11-49e1-897c-90f12b0e2384

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1021649

Signature

C2 URLs / IPs found in malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/50961ee399fc45bdfcec9201e069417a8bd00bc38bd1707a32c65451c33a17da/

Threat name:

Win64.Backdoor.CobaltStrikeBeacon

Status:

Malicious

First seen:

2022-06-29 03:56:47 UTC

File Type:

PE+ (Exe)

AV detection:

19 of 40 (47.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kclb5y4z7rc337hmsia6a2kbpkf5ac6drpixa6rsyzkfdqz2c7na._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

3da3b7a6ce9f51f3298afc7aa931d3178f57b2d1ce857dbd88675c7386866b7e

3e1d36766dfab3b000777a6c8a7742e3f454eb9270e835181cfb3ee04e8a1e62

6880a560c6cc3dd49bdc94a90dcc8dc69e55a6d842e76bb0dff0038bad6a762f

80d8137f108cde8a47205bff89893dfccf81eae15b13f077374c022076b60f1b

a210787ffd0a6a918cd8c950ce6b5af178902b2e5a49799e0a17d8b25200ca6f

d08430ad21c7a08c68416ad117358c281e8d66c1eed9c8a5a044af66488369c0

e7e2bc2c52d0b57ed7a2d11fa822ef5520559876b7c55f3f38cf8ef62d6ee544

+ 1'803 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

suricata

Link:

https://tria.ge/reports/220629-h53t3sffck/

Behaviour

Modifies system certificate store

suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1

Unpacked files

SH256 hash:

50961ee399fc45bdfcec9201e069417a8bd00bc38bd1707a32c65451c33a17da

MD5 hash:

8336a6aeb41b066918c5cc7f27a4c36b

SHA1 hash:

2f0a7feac7da9c714aed0783b7f9e2f4bcf7783b

Link:

https://www.unpac.me/results/9ffe8039-5650-4b3a-9ea7-9e975379839a/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/50961ee399fc/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.45

Link:

https://yomi.yoroi.company/submissions/50961ee399fc45bdfcec9201e069417a8bd00bc38bd1707a32c65451c33a17da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 50961ee399fc45bdfcec9201e069417a8bd00bc38bd1707a32c65451c33a17da

(this sample)

X

https://twitter.com/StopMalvertisin/status/1542008393921331200?s=20&t=jzXyyj3okIBWkAnX2Pn5JA

Cape

Cape

https://www.capesandbox.com/analysis/284112/

URLhaus

https://urlhaus.abuse.ch/url/2252328/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample