MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1
SHA3-384 hash: 1c3f75d82a126a13e798b3a1c645ac3352fef4d2048c9defd0815e22bc38b87fc9962fe0d39d78d35a70ed081de3847e
SHA1 hash: de468099bc857674f44318c63ed96c7d9d026a3f
MD5 hash: 4e228802bcb649751855c0bd9a35ab0d
humanhash: lima-asparagus-mars-lamp
File name:SecuriteInfo.com.Trojan.GenericKD.36541943.23652.21867
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:66'560 bytes
First seen:2021-03-20 20:33:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1ba58a7439f95ffe8a63e2db77ed6885 (1 x CobaltStrike)
ssdeep 1536:5hLVmgU/ruRYJurNs3YgcP2DX4w4PYf5aND:56zuWurNCYV26wf5aZ
Threatray 3 similar samples on MalwareBazaar
TLSH 04539D65F2B028D2E5BE817AC6D3BCDA7A6272528C66DDCD80506BF70363B71DE19700
Reporter SecuriteInfoCom
Tags:CobaltStrike

Intelligence

File Origin
# of uploads :
1
# of downloads :
652
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.GenericKD.36541943.23652.21867
Verdict:
No threats detected
Analysis date:
2021-03-20 20:34:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/655a5eef-7779-4472-ba0d-b9c1257f8ca6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36541943.23652.21867.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/85c82c53-eb3a-4a22-809a-fd73608462f7
Result
Threat name:
Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/646959
Signature
Injects code into the Windows Explorer (explorer.exe)
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Svchost Process
Writes to foreign memory regions
Yara detected Metasploit Payload
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1/
Threat name:
Win64.Trojan.Cometer
Create hunting rule
Status:
Malicious
First seen:
2021-03-20 08:14:48 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nrzynmdxc36m2uiqrkiyfjy4nbk5nqcqjzh3miae54ae3yn3hoyq._file
Verdict:
unknown
Similar samples:
03be30bf83c48de2fc11174179c6b466cde149f2af7032dbc8bf2036a12b0e1a
CobaltStrike
64bb301a1ef092d05ce99b282df5d6967b01a4598c292d14608137a180ecaece
CobaltStrike
82abed1d037e286fb147d1ff13ab740bc338dc3ebf514e0e24d727e84cb2a460
CobaltStrike
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:metasploit backdoor trojan
Link:
https://tria.ge/reports/210320-gf5llhmt4e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Program crash
MetaSploit
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction:
http://onealaskasport.com:443/jquery-3.3.1.slim.min.js
Unpacked files
SH256 hash:
6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1
MD5 hash:
4e228802bcb649751855c0bd9a35ab0d
SHA1 hash:
de468099bc857674f44318c63ed96c7d9d026a3f
Link:
https://www.unpac.me/results/6d2f6222-fae4-441d-a20e-3888c28cb880/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 6c7386b07716fccd51108a9182a71c6855d6c0504e4fb62004ef004de1bb3bb1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1080031/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1080032/

Comments