MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 555e3cf6a90d8bdb8fb1a5cf8dfb9357df47e6b4c23f0c6726ea8ded50238bc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 555e3cf6a90d8bdb8fb1a5cf8dfb9357df47e6b4c23f0c6726ea8ded50238bc6
SHA3-384 hash: 91bae458edd31ca8e9db57088ff5412d321af5208b3b6f04420664a857eebf2e74355adb2603d6955ffec8bc6386f326
SHA1 hash: 19dde7d72cd39a8fcc3401a49bc7e67ad53c765f
MD5 hash: 478a4b59bc5daaa3e45937e10f5da4a6
humanhash: double-undress-helium-montana
File name:temp.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:124'416 bytes
First seen:2022-07-23 11:03:06 UTC
Last seen:2022-07-23 12:00:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1610788f1d0a461203135fa91fc72640 (1 x CobaltStrike)
ssdeep 3072:vxOzSouB/A6S1khrh8Z2Fw10HUvaDJBXD6nVVneQfl1bb:vxaMAR1khrvDXunVfl1bb
Threatray 6 similar samples on MalwareBazaar
TLSH T1C5C3191AE3A320FDC15AC27456E753B3B972BC211631AFAE4394EB312F64D506B6E710
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter r3dbU7z
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
735
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/293651/
Detection(s):
SecuriteInfo.com.W64.Rozena.DW.genEldorado.5452.32541.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the system32 subdirectories
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/27172/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug meterpreter rozena swrort
Link:
https://www.filescan.io/uploads/62dbd5e645a9cc408790ea12/reports/852905a6-fb46-4d48-b885-086b08731c71/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eaeb3c81-a06e-43ca-a56e-16f1d90f0c49
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1039709
Signature
C2 URLs / IPs found in malware configuration
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/555e3cf6a90d8bdb8fb1a5cf8dfb9357df47e6b4c23f0c6726ea8ded50238bc6/
Threat name:
Win64.Backdoor.CobaltStrikeBeacon
Create hunting rule
Status:
Malicious
First seen:
2022-07-23 11:04:05 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kvpdz5vjbwf5xd5ruxhy364tk7pupzvuyi7qyzzg5kg62ubdrpda._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
1a0fe47068a27b22f4bf644c888b61f185a904b231632c6877e1be599e08a107
CobaltStrike
cbcc9da9ec3bb25c5d91da1eb4d45f5ffc9a31cf38c9be9f7423be20499c8b17
CobaltStrike
d3ec1a84996a4443b146bfeeaded02eafe663af47b858adc650465f808498eb4
CobaltStrike
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220723-m59d3seac2/
Behaviour
Program crash
Unpacked files
SH256 hash:
555e3cf6a90d8bdb8fb1a5cf8dfb9357df47e6b4c23f0c6726ea8ded50238bc6
MD5 hash:
478a4b59bc5daaa3e45937e10f5da4a6
SHA1 hash:
19dde7d72cd39a8fcc3401a49bc7e67ad53c765f
Link:
https://www.unpac.me/results/a9e5adb3-90fa-4b49-9b0d-1a7abc1252dd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/555e3cf6a90d8bdb8fb1a5cf8dfb9357df47e6b4c23f0c6726ea8ded50238bc6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 555e3cf6a90d8bdb8fb1a5cf8dfb9357df47e6b4c23f0c6726ea8ded50238bc6

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/293651/

Comments