MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561
SHA3-384 hash: 7bd46ccca4b670e76d6ada1be99129de2d2910159cd98d6ef7cda994033ef78ad4a70984d9e4404521c6d494417a6551
SHA1 hash: 7323a3c2f0b4c85099b275f78fb6f4d4f586c148
MD5 hash: f3acf00f641c4f24892e6864aa59b7c3
humanhash: two-colorado-mars-kitten
File name:51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561
Download: download sample
File size:679'240 bytes
First seen:2021-01-28 13:09:47 UTC
Last seen:2021-01-28 15:10:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e9aa303687048d9e2b687f9213d39928 (2 x CobaltStrike)
ssdeep 12288:10f1XJ6cdH+4gkZp5U/rOF0Eo1k/+B9P6t7Xs013Fbu9FRvXpb:1iC4x5mU0ja/+B9P+I013FbuJv5b
Threatray 1 similar samples on MalwareBazaar
TLSH BCE4BF80E944FDF5DCC98FB500F2231943EAA181D71DDA2F7920FE3C051AA98E97265B
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561
Verdict:
Malicious activity
Analysis date:
2021-01-28 13:11:03 UTC
Tags:
trojan cobaltstrike
Link:
https://app.any.run/tasks/d447513f-88f2-4b97-84bf-f5e1a7f7aceb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114227/
Detection(s):
SecuriteInfo.com.Variant.Bulz.287362.10661.20236.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending an HTTP GET request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/592860
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561/
Threat name:
Win64.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-01-23 06:20:25 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
953c74dee50c9b3c4063a8c8fe06f05f06a9ed83b87e61d4f3ba1d545fb9210a
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike family:metasploit backdoor trojan
Link:
https://tria.ge/reports/210128-t52flf7twj/
Behaviour
Cobaltstrike
MetaSploit
Unpacked files
SH256 hash:
51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561
MD5 hash:
f3acf00f641c4f24892e6864aa59b7c3
SHA1 hash:
7323a3c2f0b4c85099b275f78fb6f4d4f586c148
Link:
https://www.unpac.me/results/c79e6e01-8a58-43cd-9ce8-9ba4ec69d453/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/114227/

Comments