MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b5fa30bf12f13f881708222824517d662f410b212a0f7f7ce5c611fd809f809. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	5b5fa30bf12f13f881708222824517d662f410b212a0f7f7ce5c611fd809f809
SHA3-384 hash:	4fd96e74ab01bc1364ba9ce944d327b20d44ce602b9f62a0bbd142c0e00a63bae6c4ab5b7be8ee7392959cde650657a6
SHA1 hash:	a02e0dbcfb20c3f5f2e8965f6b4dbe31928bee7b
MD5 hash:	63ab5d17585a8734d643324e2a8fa90e
humanhash:	network-grey-massachusetts-social
File name:	wegfkfffeovy.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	944'640 bytes
First seen:	2021-12-08 12:39:48 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	07e8c5917f08d2e0b9ba81834a320ae4 (1 x CobaltStrike)
ssdeep	12288:phKnSqe31KBbVz/a593mYiMJLwOjHmAk:7KnSqe31K1JU2pMJLwiz
Threatray	1'376 similar samples on MalwareBazaar
TLSH	T10D153A47E37345FCC96AC87483A6A732B830785441397E3A5F45EB222F65F20993EB64
Reporter	madjack_red
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

# of downloads :

521

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

5b5fa30bf12f13f881708222824517d662f410b212a0f7f7ce5c611fd809f809.exe

Verdict:

No threats detected

Analysis date:

2021-12-08 12:44:34 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5d78c463-d51a-4d4f-908e-81637d2fabb1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/212473/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

DNS request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/1325/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug packed

Link:

https://www.filescan.io/uploads/61b0a7a9fa72c81b5b11a9ff/reports/28270449-de10-460f-b01a-21d787df9978/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/193b00cd-3907-4a79-8733-cb760bd342f9

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/903823

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/5b5fa30bf12f13f881708222824517d662f410b212a0f7f7ce5c611fd809f809/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2021-12-08 03:48:30 UTC

File Type:

PE+ (Exe)

AV detection:

15 of 44 (34.09%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

22c034ac5a7ac3b628cbb37b575ac528030c961490e41bbe9435319fde8db07b

CobaltStrike

2bfe11c06ffe157399432080f6de6190e1062c99b4a55ec31974b5a37ee8dd3c

CobaltStrike

911258f156ba8725275862c8a1634ebd1d917fa68ec81dec7c0430005334f9d4

CobaltStrike

954944ef6cdd1474ed35f27b790a7914156672cc7a1afbcc3214ccc1855ff12e

CobaltStrike

971c693bc67cf7b4b9655282b815bc1ba10ee937f1736ba1ef5fdb7aea392f6c

CobaltStrike

9ca6449c0586a77c55586bcc7adfaef2c3cc53da4713c5ed57fced15a3054545

CobaltStrike

d1d0c9d1ee7b800d491c9fb3fc94b93e5c59d903a4debb092846c46481077ae0

CobaltStrike

d3f1d658545c3726233e696e3cea4d66d9a515d60f551ea01abfda00552e17da

CobaltStrike

+ 1'366 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/211208-pv6xbadbb6/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://lartmana.com:443/jquery-3.3.1.min.js

Unpacked files

SH256 hash:

5b5fa30bf12f13f881708222824517d662f410b212a0f7f7ce5c611fd809f809

MD5 hash:

63ab5d17585a8734d643324e2a8fa90e

SHA1 hash:

a02e0dbcfb20c3f5f2e8965f6b4dbe31928bee7b

Link:

https://www.unpac.me/results/520c4715-1454-442d-941c-3865f1310b2e/

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/5b5fa30bf12f/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5b5fa30bf12f13f881708222824517d662f410b212a0f7f7ce5c611fd809f809

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/212473/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample