MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56f3f593d4bf728840e00df5ba1a1fe1ffddf142a3e42dac6023c866d3670624. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	56f3f593d4bf728840e00df5ba1a1fe1ffddf142a3e42dac6023c866d3670624
SHA3-384 hash:	939818a96928dd29955cc45305c23cabe109f268584d294ad95418e1171ca241e22200b2d93afde46732b0e301d50076
SHA1 hash:	55b9b0e5fae34a3f62e07c9ad0be9a87886d9f65
MD5 hash:	bb4fe58a0d6cbb1237d46f2952d762cc
humanhash:	gee-apart-grey-lithium
File name:	bb4fe58a0d6cbb1237d46f2952d762cc.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	120'320 bytes
First seen:	2021-07-17 15:04:00 UTC
Last seen:	2021-07-17 15:32:59 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9d99ebd37709d0b6eb21f50ed812bceb (1 x CobaltStrike)
ssdeep	3072:DMEqRX0NTe40kMU/9DGdhn4bYZuTn0Dkt3cQVx9E:DMEqQa40kPZM54b0uTnz+
Threatray	974 similar samples on MalwareBazaar
TLSH	T1D4C36C57B3A134F9D5778239C8A0591AE7B678760A318F6F039406A62F372D09D3EF60
Reporter	abuse_ch
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

558

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

bb4fe58a0d6cbb1237d46f2952d762cc.exe

Verdict:

No threats detected

Analysis date:

2021-07-17 15:07:04 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e67bc8be-2630-48ed-a504-4bd26a009b5e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/172340/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46103211.16602.20416.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d6d48635-8cb7-4507-bedc-bc2eee7a3b3c

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/817827

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Performs DNS queries to domains with low reputation

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/56f3f593d4bf728840e00df5ba1a1fe1ffddf142a3e42dac6023c866d3670624/

Threat name:

Win64.Trojan.APost

Status:

Malicious

First seen:

2021-04-15 13:59:40 UTC

AV detection:

11 of 28 (39.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=k3z7le6ux5ziqqhabx23ugq74h7534kcupsc3ldaepegnu3haysa._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9

2af42a2047b16f2dea0038365058a8d8b7f71152117c371ce7f593e47aa785d1

31bffcb4afdba092230c1e621a8259aff530d812ababfe2d34af5fbfea827efd

49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a

984265f2a1df743a585b3ed1aa138080dbc0e27c66d2472d10a66c916739556c

a8241398b22ba3745b460a7a0c39cb9a86ca258b9283901d42e8dab283acb39b

b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07

bf9b98c2b8e313967028e6ba8760d9a23f6b93036b5f85631494e870a90af779

f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096

f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f

+ 964 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:305419896 backdoor trojan

Link:

https://tria.ge/reports/210717-k6ynbtzd4e/

Behaviour

Modifies system certificate store

Cobaltstrike

Malware Config

C2 Extraction:

http://www.fzupdate.com:443/logo64x64.gif
http://www.fzupdate.com:443/preload

Unpacked files

SH256 hash:

56f3f593d4bf728840e00df5ba1a1fe1ffddf142a3e42dac6023c866d3670624

MD5 hash:

bb4fe58a0d6cbb1237d46f2952d762cc

SHA1 hash:

55b9b0e5fae34a3f62e07c9ad0be9a87886d9f65

Link:

https://www.unpac.me/results/e386f5a6-2484-44ae-8bcc-1376107c9ddd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/56f3f593d4bf728840e00df5ba1a1fe1ffddf142a3e42dac6023c866d3670624

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/172340/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample