MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032
SHA3-384 hash:	8b10bdf52894674b6c7ff227f04541393d623c128c1abd719dfa69e521b35c4a6dfd40d0fa46e5ff528030685bd26c50
SHA1 hash:	d6512b86eb8d573a6b225337074056eac4baefdf
MD5 hash:	9477aaddb12987f5640e72be0f753d1e
humanhash:	cat-fix-carpet-mirror
File name:	79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	291'992 bytes
First seen:	2021-05-31 11:19:36 UTC
Last seen:	2021-05-31 12:16:25 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	3d00a5aa14ca9bec3e1ea153cbdef791 (4 x CobaltStrike)
ssdeep	3072:16s6+7I8ItvWmwnCHrIaRKq874B/4e19i+UJcZDn57e7gYJA7JYt2o8dpy8wF3he:E+v8v3wbPt21Pi+UJy57eV272hLpUIQv
Threatray	5 similar samples on MalwareBazaar
TLSH	5654BF9AFC3972AEFE61817D41914032225FDC3C041139079BD5E7A72C8974A1BEFADA
Reporter	JAMESWT_WT
Tags:	1.A Connect GmbH CobaltStrike exe

Code Signing Certificate

Organisation:	1.A Connect GmbH
Issuer:	COMODO RSA Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2018-08-13T00:00:00Z
Valid to:	2022-08-13T23:59:59Z
Serial number:	a7e4ded4bf949d15aa4201843f1ab64d
Intelligence:	30 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:	This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:	SHA256
Thumbprint:	d519622e7d1eab2c240860d38779704319f1349cc57ab8c3d51d9f56145b582f
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

190

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032.bin

Verdict:

No threats detected

Analysis date:

2021-05-31 11:27:46 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/dea87cf6-480d-43c4-9fb8-172e068071e5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/163455/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.36701151.20024.16750.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Connection attempt

Sending a UDP request

Launching the default Windows debugger (dwwin.exe)

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/794692

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2021-04-13 21:56:07 UTC

File Type:

PE+ (Exe)

AV detection:

24 of 45 (53.33%)

Threat level:

5/5

Verdict:

unknown

CobaltStrike

6698fffa953b2fefcce456ca8fd15e80bf4478277166c9017d3aa519f9462e37

CobaltStrike

7d44007cdcfe063f3c1d38e29764e1b14ab2bbcea4cd90db04bdc8fa0c86b9aa

CobaltStrike

891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446

CobaltStrike

bdc7619588ad4a12c7711965b8c80991621646bb86d1ef8a8c19050c9082d45c

CobaltStrike

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:1359593325 backdoor trojan

Link:

https://tria.ge/reports/210531-1k3p6mnz9a/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Cobaltstrike

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/79af3ed8a0c8344fb0bd82dd41e2cc753cf2f9c8825f333348ca2bebf1ede032

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/163455/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample