MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5efe564a2c779adebab8e664d524a0cfd026c8ab3a57527bd1d821245ffc2a8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	5efe564a2c779adebab8e664d524a0cfd026c8ab3a57527bd1d821245ffc2a8c
SHA3-384 hash:	7689dc590073e1941fabb1efa039cbb90e0d9b3314232d8ebfb67e9743812195d50d23dfcfc8dde79ee435ca986fe573
SHA1 hash:	f575c224eebcaaf84bd7d7b1914bdd2bacb84ab9
MD5 hash:	86b248fe375c0c460955345652c2c831
humanhash:	oklahoma-california-speaker-arkansas
File name:	86b248fe375c0c460955345652c2c831.dll
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	2'134'016 bytes
First seen:	2022-08-11 06:30:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	72dfd4d0d41ab31566417308c282bd49 (1 x CobaltStrike)
ssdeep	49152:B1uZi3UwaehC6CJCRp0Bk0lIW9S+FCut53sI9fdWsHta8pS1SlhnrqgNSYbNP1m3:BLcS1SbbSC1m
Threatray	639 similar samples on MalwareBazaar
TLSH	T188A5A193F6B251E8D8F6C1398B523627BDA1B85587399BD3960086174B32FF0E93E740
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	abuse_ch
Tags:	CobaltStrike dll exe

Intelligence

File Origin

# of uploads :

# of downloads :

776

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

86b248fe375c0c460955345652c2c831.dll

Verdict:

No threats detected

Analysis date:

2022-08-11 06:38:54 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/59521685-7df6-4735-883f-533b70659e3f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/297873/

Detection(s):

SecuriteInfo.com.Variant.Tedy.161893.5715.8713.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

DNS request

Sending an HTTP GET request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/62f4a233f6ec33747d966a37/reports/19194114-30a6-4978-867f-418143415a67/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6501e1e6-5762-42a0-bd7c-59d257733191

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1049703

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/5efe564a2c779adebab8e664d524a0cfd026c8ab3a57527bd1d821245ffc2a8c/

Threat name:

Win64.Backdoor.MeterpreterReverseShell

Status:

Malicious

First seen:

2022-08-10 14:21:59 UTC

File Type:

PE+ (Dll)

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=l37fmsrmo6nn5ovy4zsnkjfaz7icnsflhjlve66r3aqsix74fkga._file

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

33d17bbc69d8f9087dc9a774d314cdde24d2ac81c42bb3b7f839a206b77d9ea8

CobaltStrike

65b208943d8cf82af902c39400bdd7a26fdbc94c23f9d4494cf0a2ca51233213

CobaltStrike

74ace0111970edf84a676c96b0c8180b2f2f6bc0a3f8e7bd1db4c9505e7e1d17

CobaltStrike

99be525b748064edaa30caa911b1122187139c463ad29068c3ee5cf69eed774e

CobaltStrike

a7a0025d77b576bcdaf8b05df362e53a748b64b51dd5ec5d20cf289a38e38d56

CobaltStrike

ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8

CobaltStrike

e70c965ae03c89538c94cc65ada5194c0b129a67e4c5f0eca728965ff4f831ae

CobaltStrike

+ 629 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/220811-g92xxabhcl/

Behaviour

Program crash

Cobaltstrike

Malware Config

C2 Extraction:

http://jahojahi.com:443/cr

Unpacked files

SH256 hash:

5efe564a2c779adebab8e664d524a0cfd026c8ab3a57527bd1d821245ffc2a8c

MD5 hash:

86b248fe375c0c460955345652c2c831

SHA1 hash:

f575c224eebcaaf84bd7d7b1914bdd2bacb84ab9

Link:

https://www.unpac.me/results/3ec63a8e-704e-41f3-bee4-c75ed1617063/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/5efe564a2c77/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5efe564a2c779adebab8e664d524a0cfd026c8ab3a57527bd1d821245ffc2a8c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

exe 5efe564a2c779adebab8e664d524a0cfd026c8ab3a57527bd1d821245ffc2a8c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2271570/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/297873/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample