MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments 1

SHA256 hash:	55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
SHA3-384 hash:	5a678f3e79fee02f8b82d88c5e51572b4f1ba995f49728e453ede69ce29fe6a7c03383a237a2816d013f55b79d053dc9
SHA1 hash:	135fe840084973d099de68992de40224ed1680b9
MD5 hash:	dbffcc741c54ae7632fb2807c888bdfe
humanhash:	spaghetti-november-mississippi-happy
File name:	cb.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	579'072 bytes
First seen:	2020-12-10 03:40:17 UTC
Last seen:	2020-12-10 05:32:22 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f52296f10a5230f4e60184b9ea2ac229 (1 x CobaltStrike)
ssdeep	12288:gPhzq7DfwYF0zPMLy8n8VfW1Ywpp0WxbfPaCQ:KqPftFbVP0WxbfPaCQ
Threatray	645 similar samples on MalwareBazaar
TLSH	62C44B24B83352A4ED96B0F947CBE476EB227C6A07A1C96F42803D367F63D913D6D811
Reporter	r3dbU7z
Tags:	CobaltStrike exe hacktool

Intelligence

File Origin

# of uploads :

# of downloads :

314

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

cb.exe

Verdict:

No threats detected

Analysis date:

2020-12-08 04:58:05 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/c847134a-8a0a-4480-a01c-63e2e7299df3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/107597/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.44549841.19130.12971.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Sending a UDP request

Using the Windows Management Instrumentation requests

Delayed writing of the file

DNS request

Sending a custom TCP request

Creating a file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/559784

Signature

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2020-11-18 14:17:10 UTC

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kxd2b3bivsjrtm6sermiead4pqpxfm7ujfynetdnlq2v7gj5d64q._file

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c

CobaltStrike

836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599

CobaltStrike

87dca59ec3d55bcb1b05da564e5ce0a164ab633f1c46a18a97f72a30efff7388

CobaltStrike

9a7d2b2c96ee9b7b0ddc1665988d935a719f04cdb2b2dd331ec36aa4f6597506

CobaltStrike

9c3b7ba8d375f19993312a6ac20418e0d107d73b30d585e9ad3646e150ff7c5a

CobaltStrike

ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8

CobaltStrike

d44d718c247b1664861f987b1725314f152e43e7c1da80b163f812e1b7c3fdb7

CobaltStrike

e0952195d73431802bf22dad462b2fffda7ae4f4e384aad8e326b0c6404fb5bf

CobaltStrike

ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578

CobaltStrike

+ 635 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/201210-8zr11825t2/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://NuQuiedi8ezai5aHucei.cantusethis.fun:443/gifs/
http://Jae3Faita9jeiMeiVeiv.cantusethis.site:443/gifs/
http://ibee3sahkei7Ohcu9uGi.cantusethis.online:443/image/

Unpacked files

SH256 hash:

55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9

MD5 hash:

dbffcc741c54ae7632fb2807c888bdfe

SHA1 hash:

135fe840084973d099de68992de40224ed1680b9

Link:

https://www.unpac.me/results/df708b4e-8095-4f9e-a9cc-c4f45c54f0fe/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

CobaltStrike

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/107597/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

Ben commented on 2022-07-20 16:19:05 UTC

Cobaltstrike