MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73aba991054b1dc419e35520c2ce41dc263ff402bcbbdcbe1d9f31e50937a88e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73aba991054b1dc419e35520c2ce41dc263ff402bcbbdcbe1d9f31e50937a88e
SHA3-384 hash: cb0d6acd8e3e6ff1b8c05b26014ad06a9257faf47404d9ebddf8abbb3ebbe253ea6ec392269e7cb7c9f0401dbf1dbf17
SHA1 hash: 642e813d7cdab1094d4bdb1f06604d3ad02c20b3
MD5 hash: c57f650de6e54e34cb15dd391b4d5095
humanhash: lemon-california-mike-foxtrot
File name:nxblma.dll
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:1'544'704 bytes
First seen:2022-03-11 14:44:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c4e18a4c26a3bff9f22d55e60a49a151 (1 x CobaltStrike)
ssdeep 24576:NJsXp5bijmpa8g33UIBQycuNUmp9r46N6qFa4kzPptN/27GKWMXxB4VW1:NJsKYa8g33UIBRtB9cEJa4mx/sJbt1
Threatray 1'518 similar samples on MalwareBazaar
TLSH T1F365AE7D5F6202A5E472A438C87A08078AF47DB151F471A3DB97624ACE3E7E16339B0D
Reporter malware_traffic
Tags:Beacon Cobalt Strike CobaltStrike exe


Avatar
malware_traffic
Run method: regsvr32.exe /s [filename]

Intelligence

File Origin
# of uploads :
1
# of downloads :
638
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
nxblma.dll
Verdict:
No threats detected
Analysis date:
2022-03-11 14:39:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bc524637-e902-4837-96a4-1e01b9d1a667

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/8870/overview
Behaviour
MeasuringTime
SystemUptime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed warp
Link:
https://www.filescan.io/uploads/622b6073b94fb38cb45d29d0/reports/181e504f-d75e-448c-a26d-66fe4858f5e3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/249e0a51-2a35-44ce-9ad3-1cee68b61a75
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/954934
Signature
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 587415 Sample: nxblma.dll Startdate: 11/03/2022 Architecture: WINDOWS Score: 28 19 Sigma detected: Suspicious Call by Ordinal 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 2 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/73aba991054b1dc419e35520c2ce41dc263ff402bcbbdcbe1d9f31e50937a88e/
Threat name:
Win64.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2022-03-11 14:45:14 UTC
File Type:
PE+ (Dll)
Extracted files:
6
AV detection:
4 of 41 (9.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oov2teifjmo4igpdkuqmftsb3qtd75acxs55zpq5t4y6kcjxvcha._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
1196cd7aca5d5576e3d142339e6d7fd9325f4210c6ae196065d766a1468da08c
CobaltStrike
22c034ac5a7ac3b628cbb37b575ac528030c961490e41bbe9435319fde8db07b
CobaltStrike
4dd194d5f8fb499deaa1294d5872b4076df6260a29284a17fe11032d094856c4
CobaltStrike
5b8003ff376c2b14085ccb6a80a2ad413cd7c66edea216cb72890fb7dc70d5c0
CobaltStrike
80ceb4bfb2275af2edd90f25d428fae22686ed75b7c5d9cc5fc003866021a712
CobaltStrike
9ca6449c0586a77c55586bcc7adfaef2c3cc53da4713c5ed57fced15a3054545
CobaltStrike
b156d3fddec3ec4b06b17703426bdd76896e70784eb3c29d085d385b53ef6f09
CobaltStrike
d1d0c9d1ee7b800d491c9fb3fc94b93e5c59d903a4debb092846c46481077ae0
CobaltStrike
ea27ef027a10c66b256aceb6e3c4a970d7076b3d3571885ab8e2f2a19c21aa97
CobaltStrike
+ 1'508 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220311-r4qmsshhd5/
Unpacked files
SH256 hash:
73aba991054b1dc419e35520c2ce41dc263ff402bcbbdcbe1d9f31e50937a88e
MD5 hash:
c57f650de6e54e34cb15dd391b4d5095
SHA1 hash:
642e813d7cdab1094d4bdb1f06604d3ad02c20b3
Link:
https://www.unpac.me/results/8bb98109-5a07-4bc3-96b3-6d584eb7b1c2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/73aba991054b1dc419e35520c2ce41dc263ff402bcbbdcbe1d9f31e50937a88e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_ransom_avaddon_1
Create hunting rule
Author:@VK_Intel
Description:Detects Avaddon ransomware
Reference:https://twitter.com/VK_Intel/status/1300944441390370819

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/bc524637-e902-4837-96a4-1e01b9d1a667
Joe
Joe Sandbox
https://www.joesandbox.com/analysis/954932
Cape
Cape
https://capesandbox.com/analysis/249461/
  
Dropped by
Emotet

Comments