MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fc2d85f11a802fd6abca3bd24c3b97af10671772c884a743c6e623382cefd88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 7



SHA256 hash: 6fc2d85f11a802fd6abca3bd24c3b97af10671772c884a743c6e623382cefd88
SHA3-384 hash: 7052f9861d89efffc0e064fe5fb34a2fb6c0be8ceafb77a8bd5f99fb1c01bdfa51caa1bd2c89fe8c498bfc1289eec298
SHA1 hash: 2b946b49bac6e0bd998faff0f26a29c2a142bd07
MD5 hash: 5064de995195186fe9388b8c0501e921
humanhash: juliet-vermont-johnny-edward
File name: SecuriteInfo.com.Generic.mg.5064de995195186f.31563
Signature: CobaltStrike
File size: 376'320 bytes
First seen: 2021-01-19 20:51:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c7cf2e9659a59674ded4115be6397952 (1 x CobaltStrike)
ssdeep: 6144:SH71vTpqgKz0lGRU/38ejPfZCu7SmS4hgcjWChEEzcWaNKUWRZq2zd5vCcvzFWd:SHRkgKA+VezZCUjbKuRk255vCcvzFW
Threatray: 681 similar samples on MalwareBazaar
TLSH: DD84C0A7A3FD70EBE075C5325BB217129773BCB007124B5E03724A151F67AD48EBAA21
Reporter: SecuriteInfoCom
Tags: CobaltStrike

Intelligence


File Origin
# of uploads: 1
# of downloads: 548
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: https://chattlink.s3.amazonaws.com/msg.exe
Verdict: No threats detected
Analysis date: 2021-01-19 19:22:24 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: CobaltStrikeBeacon
Result
Verdict: Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj
Score: 64 / 100
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Threat name: Win64.Trojan.Jobutyve
Status: Malicious
First seen: 2021-01-19 19:18:54 UTC
AV detection: 9 of 28 (32.14%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction: http://videotalk.us:443/jquery-3.3.1.min.js
Unpacked files
SHA256 hash: 6fc2d85f11a802fd6abca3bd24c3b97af10671772c884a743c6e623382cefd88
MD5 hash: 5064de995195186fe9388b8c0501e921
SHA1 hash: 2b946b49bac6e0bd998faff0f26a29c2a142bd07
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 6fc2d85f11a802fd6abca3bd24c3b97af10671772c884a743c6e623382cefd88

(this sample)

  
Delivery method: Distributed via web download
