MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75910d91797aedee507082e4af6260d42b6bb6eb877e5c96107693beee6a2085. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75910d91797aedee507082e4af6260d42b6bb6eb877e5c96107693beee6a2085
SHA3-384 hash: d599d4acbd64dc44172b8a0b6dc19e8e96bd012e08f2b9d81035ae3b3d38a759cb7234bd97fdbf873841d2b8a2407087
SHA1 hash: 345bc87b6097e86839501df48f4d81ebbff05f54
MD5 hash: 9279850a2bbe0fafbce4afde9ada082c
humanhash: leopard-enemy-cup-jig
File name:75910d91797aedee507082e4af6260d42b6bb6eb877e5c96107693beee6a2085
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:654'848 bytes
First seen:2022-01-06 03:25:49 UTC
Last seen:2022-01-06 05:08:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (237 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 12288:kX2Kj/uoGBLAfv2LJlc3AtjIY2gLf5NtWXqYeHAG+6BN/UsB/7Q09p9wZiwBT272:q2q/aJLJl4Y2gLf5NERw+sBnwZpTtv
Threatray 1'550 similar samples on MalwareBazaar
TLSH T10DD423BE50B60BE9D2FA85F96F2508BB500571EC7F4726EA0435C0B129B08977F88677
Reporter JAMESWT_WT
Tags:cgbchnia CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
591
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
340dc10d7e8cd5dde9b2d2a35b130f014012083273fa9ff01077de1b9c9e177c
Verdict:
Suspicious activity
Analysis date:
2022-01-06 03:28:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d2bd437d-786f-4770-853d-d20e058d841f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/217494/
Detection(s):
SecuriteInfo.com.BehavesLike.Win64.Trickbot.jc.12571.87.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Launching a process
Searching for the window
DNS request
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/61d6615402e388f9fdaf2218/reports/c3aa1212-2fc9-4c84-9183-c0b209a88ecd/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b29c92da-ae20-41d1-bd10-b299c89fd69e
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/916124
Signature
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found malware configuration
Injects code into the Windows Explorer (explorer.exe)
Multi AV Scanner detection for submitted file
Performs DNS queries to domains with low reputation
System process connects to network (likely due to code injection or exploit)
Writes to foreign memory regions
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75910d91797aedee507082e4af6260d42b6bb6eb877e5c96107693beee6a2085/
Threat name:
Win64.Trojan.WinGGo
Create hunting rule
Status:
Malicious
First seen:
2022-01-06 01:48:00 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
032f8678c49d5320602b75ce8da611d6bc4268354e905aed217451d7f739da67
CobaltStrike
31bffcb4afdba092230c1e621a8259aff530d812ababfe2d34af5fbfea827efd
CobaltStrike
49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a
CobaltStrike
4e9cee63c296120b3640a6201b4cb4295be8cfec39a4828eb4c4fc34d69cc69c
CobaltStrike
56f3f593d4bf728840e00df5ba1a1fe1ffddf142a3e42dac6023c866d3670624
CobaltStrike
a8241398b22ba3745b460a7a0c39cb9a86ca258b9283901d42e8dab283acb39b
CobaltStrike
b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07
CobaltStrike
e424a0ff956433e468ec8c1220f6b2b760e8624187c011e4dabf227a285af670
CobaltStrike
f74f5eb8416d9522e703877e104ac7923cc3efeedaa1138b6221726b0d359096
CobaltStrike
+ 1'540 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220106-dy7r8sahg7/
Unpacked files
SH256 hash:
75910d91797aedee507082e4af6260d42b6bb6eb877e5c96107693beee6a2085
MD5 hash:
9279850a2bbe0fafbce4afde9ada082c
SHA1 hash:
345bc87b6097e86839501df48f4d81ebbff05f54
Link:
https://www.unpac.me/results/6c36beb5-b355-4e32-8c42-f79783681699/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/75910d91797aedee507082e4af6260d42b6bb6eb877e5c96107693beee6a2085

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:GoBinTest
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/217494/

Comments