MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57a395267a680f4909efd096007d6ec86254502ae1c33a70733f0ccef85c4791. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	57a395267a680f4909efd096007d6ec86254502ae1c33a70733f0ccef85c4791
SHA3-384 hash:	beb00357e47e93a7e93a4615372fe8316d1f10c6d5a025392babe81e3ad1015fd9662e0164169529b1ee42d6a27aeb9c
SHA1 hash:	448d847b1e63c25abb6d6164ee7a46c4d34dc446
MD5 hash:	a5aca3a647878019dec377c194771e8d
humanhash:	beer-lithium-ceiling-yankee
File name:	57a395267a680f4909efd096007d6ec86254502ae1c33a70733f0ccef85c4791
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	110'592 bytes
First seen:	2020-03-23 18:49:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6951a31a12d470e5ccef1fa9332a0b22 (1 x CobaltStrike)
ssdeep	1536:pE4mQMHy82XZXCeReW0c3tSHX0Fmc+iadpk1iD5DNvoJTCZZa1cTSIL:pXSy82v6e8HRc+ldxD5RGOT+IL
Threatray	65 similar samples on MalwareBazaar
TLSH	97B3D0E2FA149621C49021F12DCF265919346EF38928915FB36CB5EFFFF6502AA1217C
Reporter	Marco_Ramilli
Tags:	Cobalt Strike exe

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.32189669.7124.1383.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Shellcode

Status:

Malicious

First seen:

2019-07-25 20:44:26 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

33 of 45 (73.33%)

Threat level:

2/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269

CobaltStrike

514de96ef99941a0c9712622848b687b402b0635a4bb45cf1cee0002fe8cdfcd

CobaltStrike

5524ff68db56a342888695eaef74d2c73cbd6b612e49a6204a6cf4eef35072f8

CobaltStrike

670d05296e29183d8f292c1fe61003bb8bc608c5ee4916c68996b4f64e587622

CobaltStrike

8b855b57f8cd532db46946a38f929e5e5d43d7c1c5ea09a5b51c21097143a282

CobaltStrike

8bb24503e3418b4e1879c450818a21da05f7f3a54da7939b3f1733b45c9bb029

CobaltStrike

a2c804408646e8c0481d3ba30a49482721857f540ecabc32c1de77cb91860c64

CobaltStrike

e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b

CobaltStrike

f241b9ad9deb20f65e777ea5349b27ca5c70e74c1ca7d82413bcf0b03b8054c8

CobaltStrike

+ 55 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

exe 57a395267a680f4909efd096007d6ec86254502ae1c33a70733f0ccef85c4791

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/228143/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessA KERNEL32.dll::OpenProcess KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::GetDiskFreeSpaceW
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileW KERNEL32.dll::GetWindowsDirectoryA KERNEL32.dll::GetSystemDirectoryW KERNEL32.dll::RemoveDirectoryA KERNEL32.dll::GetTempPathA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample