MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 662688d36dc7b035a0dc23d09d5d4c25fa70408373266f72c6d03d3187adbfd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

SHA256 hash: 662688d36dc7b035a0dc23d09d5d4c25fa70408373266f72c6d03d3187adbfd5
SHA3-384 hash: b83093447e2490dd94097a36aa7af62e1bb86941a0d090fb8bc9662ef1aad86dfa69db587376576f5909e934987e37bb
SHA1 hash: 2b7e4346b637121c987c0326fa03e98f8aaaf555
MD5 hash: b9d0f534095b57cf2f6f54cd671281d3
humanhash: don-chicken-alabama-harry
File name: 662688d36dc7b035a0dc23d09d5d4c25fa70408373266f72c6d03d3187adbfd5
Signature: CobaltStrike
File size: 24'520 bytes
First seen: 2021-02-15 17:18:10 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep: 384:yCxRKqbOCdWIVBPk+xzyFfCXAnz5eDZ/d5GBQlJRrMK6jr1:yCxTRVJknfiAd6GrKgZ
Threatray: 109 similar samples on MalwareBazaar
TLSH: EFB22BB6DB862CA5FE678F3030F9A77BAE33F2135C258C8ADD40C4401A62691981576E
Reporter: JAMESWT_WT
Tags: CobaltStrike beacon implant Zoom Meetings signed

Code Signing Certificate

Organisation: Zoom Video Communications, Inc.
Issuer: Go Daddy Secure Certificate Authority - G2
Algorithm: sha256WithRSAEncryption
Valid from: 2017-01-20T20:02:01Z
Valid to: 2020-01-20T02:33:38Z
Serial number: 25827a1b362bae36
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 2b0f937bad5fc9510cd1d8ad11d1056b78857e165f91ca9262d1b7eca9314f35
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 1
# of downloads: 493
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 662688d36dc7b035a0dc23d09d5d4c25fa70408373266f72c6d03d3187adbfd5
Verdict: No threats detected
Analysis date: 2021-02-15 17:23:35 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour
Connection attempt
Sending a UDP request

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.CobaltStrike
Status: Malicious
First seen: 2020-12-07 20:47:00 UTC
File Type: PE (Exe)
AV detection: 23 of 28 (82.14%)
Threat level: 5/5

Result
Malware family: metasploit
Score: 10/10
Tags: family:metasploit backdoor trojan
Behaviour
MetaSploit
Malware Config
C2 Extraction: http://47.95.205.52:10086/sk9E
Unpacked files
SHA256 hash: 662688d36dc7b035a0dc23d09d5d4c25fa70408373266f72c6d03d3187adbfd5
MD5 hash: b9d0f534095b57cf2f6f54cd671281d3
SHA1 hash: 2b7e4346b637121c987c0326fa03e98f8aaaf555
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments