MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5524ff68db56a342888695eaef74d2c73cbd6b612e49a6204a6cf4eef35072f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5524ff68db56a342888695eaef74d2c73cbd6b612e49a6204a6cf4eef35072f8
SHA3-384 hash: 76e5bb34ef09c1bf945119a48cae1674c324290b748fc1e35d7f0dfee8fa2d28a23c1c8bedafaf46b636b0a53657fa85
SHA1 hash: 5846bdaf8674d01f870fd843174f173229955c78
MD5 hash: 94689fac2f32d6b258298d2a4ea54fae
humanhash: mike-zulu-jig-beryllium
File name:inetinfo.dll
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:295'088 bytes
First seen:2020-05-07 13:30:58 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash e1dcffde169ed8b947dc63acdb78aeca (9 x CobaltStrike)
ssdeep 6144:cW+Skribi/EmRsT7j+WPOhekfr+hGZPBSvtHcRkyiV:rampm/fKqetF
Threatray 60 similar samples on MalwareBazaar
TLSH 8F54CF9A85453035F6963D30686689FF83EC2B92105ECAE0F794FDED959C2B300BB479
Reporter James_inthe_box
Tags:Cobalt Strike dll

Code Signing Certificate

Organisation:AddTrust External CA Root
Issuer:AddTrust External CA Root
Algorithm:sha1WithRSAEncryption
Valid from:May 30 10:48:38 2000 GMT
Valid to:May 30 10:48:38 2020 GMT
Serial number: 01
Intelligence: 383 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Fugrafa-7654372-0
Create hunting rule

PUA.Win.Adware.Browsefox-6628766-0
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cobalt
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 06:52:13 UTC
File Type:
PE (Dll)
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
0af65c358ae4d3f9db0fc6229e3fd6451c80b6143e0cfb56bdba9d36621ed584
CobaltStrike
3dfb4e7ca12b7176a0cf12edce288b26a970339e6529a0b2dad7114bba0e16c3
CobaltStrike
45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269
CobaltStrike
514de96ef99941a0c9712622848b687b402b0635a4bb45cf1cee0002fe8cdfcd
CobaltStrike
57a395267a680f4909efd096007d6ec86254502ae1c33a70733f0ccef85c4791
CobaltStrike
8b855b57f8cd532db46946a38f929e5e5d43d7c1c5ea09a5b51c21097143a282
CobaltStrike
8bb24503e3418b4e1879c450818a21da05f7f3a54da7939b3f1733b45c9bb029
CobaltStrike
96c441a2676616cbc2869de5adf4215bdad4603d970f956cc3de927301599257
CobaltStrike
e050425e51b6c04333e0b93b6a9e30b454adec91161e010f24c2b2b7be451279
CobaltStrike
f241b9ad9deb20f65e777ea5349b27ca5c70e74c1ca7d82413bcf0b03b8054c8
CobaltStrike
+ 50 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lpxm1y17ej/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments