MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b569cacb3c28dbbf4457b3af2bdd917f5f61e1c680fb0a661d315176f108e7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b569cacb3c28dbbf4457b3af2bdd917f5f61e1c680fb0a661d315176f108e7b
SHA3-384 hash: 7bbedd9178123eef46ff01b907117459f521e21e9547bf6c4a59b17093225f737009fc1ef91b18ca127336f955c06061
SHA1 hash: c4c024bbee4ed70e6f2792dd8c21922855b1f554
MD5 hash: 66c4fe9c5b39447d11b1e0362e71ea4c
humanhash: florida-kilo-kentucky-edward
File name:433fb9b8.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:94'720 bytes
First seen:2023-07-05 08:01:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4a7e84eeddbd4b11e2d5c0d033ae4b1b (1 x CobaltStrike)
ssdeep 1536:nxkCmvessXzxEbXIoYRSmP0X+59rHrAt6WtXEsm99/rHrAt6WtXEsm99/:e7WssXzxEbXIoY0y59DA6WJX6DA6WJX6
Threatray 350 similar samples on MalwareBazaar
TLSH T1DE938E46B79484EEC405423488478EF2DBF6BD21A7908DDF27583FAF1D762E0192B663
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 70f0ccd4d4f0f069 (1 x CobaltStrike)
Reporter obfusor
Tags:Cobalt Strike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
307
Origin country :
HK HK
Vendor Threat Intelligence
Malware family:
cobaltstrike
Create hunting rule
ID:
1
File name:
433fb9b8.exe
Verdict:
Malicious activity
Analysis date:
2023-07-05 08:02:22 UTC
Tags:
cobaltstrike trojan
Link:
https://app.any.run/tasks/17dfa393-aa43-4284-aaaa-69757c2acf74

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/407410/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/95594/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug hacktool
Link:
https://www.filescan.io/uploads/64a52342dc0b805f49678af8/reports/b681cfcd-346f-4254-99ab-cf3b9d039e2d/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/6b569cacb3c28dbbf4457b3af2bdd917f5f61e1c680fb0a661d315176f108e7b
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/072bb4ea-19ce-4580-90b5-3262f8a37523
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1267040
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
cobaltstrike
Create hunting rule
Link:
https://mwdb.cert.pl/sample/6b569cacb3c28dbbf4457b3af2bdd917f5f61e1c680fb0a661d315176f108e7b/
Threat name:
Win64.Backdoor.CobaltStrikeBeacon
Create hunting rule
Status:
Malicious
First seen:
2023-07-05 08:01:55 UTC
File Type:
PE+ (Exe)
Extracted files:
37
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nnljzlftykg3x5cfpm5pfpozc727mhq4nah3bjtb2mkro3yqrz5q._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
25177f86963cd89171a6f06bcd0559806f7c1fa1cff3a52eee89ad38c024b819
CobaltStrike
35bcc6e1410f3b7ef95301d996f5713e6811fc09b98edeb51d0222cbe099ce14
CobaltStrike
864c5339ddc1ad5df17d454c023d0f34a2bfebe76a19314f552d72123a845863
CobaltStrike
a0410b34f9a1161434b2df05470e2bc5d917ad44e419fe9d6a5008e3e3898b47
CobaltStrike
bc74b5b8a64345852af7d6d693558529f4aaaca0d9547aa57279b1cbe998ab70
CobaltStrike
ef6c768e35b2b443c17acec0088c935fdb593567f2a0494ca34f87ff3bcbb529
CobaltStrike
fb57cac696e24c505a392895dc3fe4ae001afc03b9f9ceae0d7ed40c5f999548
CobaltStrike
+ 340 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike botnet:1234567890 backdoor trojan
Link:
https://tria.ge/reports/230705-jwj62sbb56/
Behaviour
Suspicious behavior: EnumeratesProcesses
Cobaltstrike
Malware Config
C2 Extraction:
http://43.138.198.123:443/jquery-3.3.2.slim.min.js
http://43.138.198.123:443/jquery-3.3.1.min.js
Unpacked files
SH256 hash:
6b569cacb3c28dbbf4457b3af2bdd917f5f61e1c680fb0a661d315176f108e7b
MD5 hash:
66c4fe9c5b39447d11b1e0362e71ea4c
SHA1 hash:
c4c024bbee4ed70e6f2792dd8c21922855b1f554
Link:
https://www.unpac.me/results/83c076d2-d882-40fe-8a2f-180c59a8a87d/
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6b569cacb3c2/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6b569cacb3c28dbbf4457b3af2bdd917f5f61e1c680fb0a661d315176f108e7b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/407410/

Comments