MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5233d56c7fb7830e2ad227c546b869fcf8f7828c1f05dd172dc7435be0276140. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 12

SHA256 hash: 5233d56c7fb7830e2ad227c546b869fcf8f7828c1f05dd172dc7435be0276140
SHA3-384 hash: 6398bec916d3b58758a5b01f5af91bebe6608cfb4b19b8019a07c8d6adfc4610a187c4e81d57a21e653930f6fdbb24e8
SHA1 hash: c33c27afaf080547fd37b7fdce2c60b36db2036f
MD5 hash: 7a3d17e83e957cdb2dbec970981eb8f5
humanhash: nitrogen-kilo-speaker-berlin
File name: 7a3d17e83e957cdb2dbec970981eb8f5
Signature: CobaltStrike
File size: 1'667'072 bytes
First seen: 2022-06-12 09:06:33 UTC
Last seen: 2022-06-12 09:42:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: faee07be5a15272b951e05f4f8e4ab28 (1 x CobaltStrike)
ssdeep: 12288:RkAM4yTl3AlzobEk29vMcT6FTFim4aDQWqkAT4U6PzXTwnj1cQ47gvckpPWUMQVy:P/w9OOEk2GpkSn2XK/RbOgLuyJxEK1
Threatray: 647 similar samples on MalwareBazaar
TLSH: T126755C22BE9184F7D0721A7C9CF6A6EB94277D102DE894CE7BE44F4C0F35A413B25296
TrID: 69.4% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
      27.4% (.EXE) Win32 Executable Borland Delphi 6 (262638/61)
      1.4% (.EXE) Win32 Executable Delphi generic (14182/79/4)
      0.4% (.EXE) Win32 Executable (generic) (4505/5/1)
      0.3% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: zbetcheckin
Tags: 32 CobaltStrike exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 891
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: http://37.0.8.224/k.exe
Verdict: Suspicious activity
Analysis date: 2022-06-12 06:20:41 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection: CobaltStrikeBeacon
Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Creating synchronization primitives
Creating a window
Searching for synchronization primitives
Creating a file
DNS request
Sending a custom TCP request
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware keylogger qbot ursnif
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Cobalt Strike
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Threat name: Win32.Backdoor.CobaltStrikeBeacon
Status: Malicious
First seen: 2022-06-12 07:54:23 UTC
File Type: PE (Exe)
Extracted files: 38
AV detection: 19 of 26 (73.08%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Unpacked files

SHA256 hash: 5a9cccfc4ed9fe88d646138c287bdb7c55c575cd17c16550656528a921d097aa
MD5 hash: 3f83052677ea9c288395b01bb898d4c6
SHA1 hash: a7e595a63abb115a9d322e905852978d7745103d

SHA256 hash: 5233d56c7fb7830e2ad227c546b869fcf8f7828c1f05dd172dc7435be0276140
MD5 hash: 7a3d17e83e957cdb2dbec970981eb8f5
SHA1 hash: c33c27afaf080547fd37b7fdce2c60b36db2036f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: CobaltStrike, Executable exe 5233d56c7fb7830e2ad227c546b869fcf8f7828c1f05dd172dc7435be0276140 (this sample)
Delivery method: Distributed via web download

Comments

zbet commented on 2022-06-12 09:06:39 UTC

url : hxxp://37.0.8.224/k.exe