MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c4ec96ba82e79cb37c6829a595dc09b76568a5dadd82c743c3f9a69c985ad83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c4ec96ba82e79cb37c6829a595dc09b76568a5dadd82c743c3f9a69c985ad83
SHA3-384 hash: 83f3277b550f8c74bffb58561e20dc8b76cd679afb2e0d8b63b700d19d70763d6d2f70098719b503db7e852065ab3fbd
SHA1 hash: 381994e2140ce8d255952d13f05d8d79da1e1c74
MD5 hash: 363431c16f8b0a0196b67b11adf75ebd
humanhash: one-queen-ten-montana
File name:363431c16f8b0a0196b67b11adf75ebd
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:348'160 bytes
First seen:2021-07-14 17:53:27 UTC
Last seen:2021-07-14 18:45:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c3803752167a683f3dbd2e2ab3d19b6d (4 x CobaltStrike)
ssdeep 6144:IpWMSmgY0IyFpXjsCEqhp3xuo8Pr7Jjc7wPxfC:lHP7LFVst+0oA71+AC
Threatray 365 similar samples on MalwareBazaar
TLSH T131741237D23060D6C05A00F55A0DE7BF99181D2076E2AC3E55D287EA8936EF76873B27
Reporter zbetcheckin
Tags:32 CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
494
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
363431c16f8b0a0196b67b11adf75ebd
Verdict:
Malicious activity
Analysis date:
2021-07-14 17:55:44 UTC
Tags:
trojan cobaltstrike
Link:
https://app.any.run/tasks/e8247d4a-fdba-454b-971a-d361c79f5b59

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171798/
Detection(s):
PUA.Win.Packer.NspackDotnetNor-2
Create hunting rule

PUA.Win.Packer.NspackDotnetNor-1
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b4591698-51f7-4008-9433-c2ef5a7182b6
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/816479
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Tries to detect virtualization through RDTSC time measurements
Yara detected CobaltStrike
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c4ec96ba82e79cb37c6829a595dc09b76568a5dadd82c743c3f9a69c985ad83/
Threat name:
Win32.Hacktool.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-07-14 17:07:52 UTC
File Type:
PE (Exe)
AV detection:
28 of 46 (60.87%)
Threat level:
  1/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
324fc8140985441a5ae5d9717b17d7129b467e84567003ea477182aa103044a7
CobaltStrike
7c459b8af45fb919074c455f2114376b6c4ed126f75b73c9979ebdcce70538b0
CobaltStrike
7d393a34237a6d5d1df6e2178afd69b2e918a98f13802ea831c6f85801b84079
CobaltStrike
925dbf95054df732ae3e22d9549cc9b8f9eee2fd0d05f9cc59091c197b6be637
CobaltStrike
975b4d651dff5feb57a57bc9e093cd60a2ff10ed02f08a6a11d06de3e4b25653
CobaltStrike
9af4b3b8c67d21fef69dee132cb686d1cb9e34e2d5e807b05c2a92e48f08dd39
CobaltStrike
eb86c3f0afa27791f60270fdb97b4eed295b31735b6fb45c37a6503d0bf3511d
CobaltStrike
+ 355 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike botnet:1359593325 backdoor trojan
Link:
https://tria.ge/reports/210714-sx39qbdre6/
Behaviour
Cobaltstrike
Malware Config
C2 Extraction:
http://192.236.146.5:80/cx
Unpacked files
SH256 hash:
b250546760e98b5ceda855877a67894d517741e273fa7493fd3e3b1814414e99
MD5 hash:
a33fb7f091702a071854a6b6c5965cdf
SHA1 hash:
20d41dc516806a7595dff991b710f863cafe4ca1
Link:
https://www.unpac.me/results/4f55c525-7398-4e45-bd11-f4286f484a1a/
SH256 hash:
ac48fd1c4f2b7844b067c5a01acf871b73d1b104977f82d224ca5a38dbfd6a15
MD5 hash:
7f5c77d59509bfe8f9a09de076d7bc05
SHA1 hash:
62eac9bcab1813017afaeba75b935f3501c9e342
Link:
https://www.unpac.me/results/4f55c525-7398-4e45-bd11-f4286f484a1a/
SH256 hash:
7c4ec96ba82e79cb37c6829a595dc09b76568a5dadd82c743c3f9a69c985ad83
MD5 hash:
363431c16f8b0a0196b67b11adf75ebd
SHA1 hash:
381994e2140ce8d255952d13f05d8d79da1e1c74
Link:
https://www.unpac.me/results/4f55c525-7398-4e45-bd11-f4286f484a1a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/7c4ec96ba82e79cb37c6829a595dc09b76568a5dadd82c743c3f9a69c985ad83

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 7c4ec96ba82e79cb37c6829a595dc09b76568a5dadd82c743c3f9a69c985ad83

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1454542/
Cape
Cape
https://www.capesandbox.com/analysis/171798/
  
URLhaus
https://urlhaus.abuse.ch/url/1454659/
  
URLhaus
https://urlhaus.abuse.ch/url/1454900/
  
URLhaus
https://urlhaus.abuse.ch/url/1454901/
  
URLhaus
https://urlhaus.abuse.ch/url/1454918/
  
URLhaus
https://urlhaus.abuse.ch/url/1454923/
  
URLhaus
https://urlhaus.abuse.ch/url/1454929/
  
URLhaus
https://urlhaus.abuse.ch/url/1454944/
  
URLhaus
https://urlhaus.abuse.ch/url/1454961/
  
URLhaus
https://urlhaus.abuse.ch/url/1454971/
  
URLhaus
https://urlhaus.abuse.ch/url/1454925/
  
URLhaus
https://urlhaus.abuse.ch/url/1454982/
  
URLhaus
https://urlhaus.abuse.ch/url/1454983/
  
URLhaus
https://urlhaus.abuse.ch/url/1454993/
  
URLhaus
https://urlhaus.abuse.ch/url/1455011/
  
URLhaus
https://urlhaus.abuse.ch/url/1455015/
  
URLhaus
https://urlhaus.abuse.ch/url/1455214/
  
URLhaus
https://urlhaus.abuse.ch/url/1456675/
  
URLhaus
https://urlhaus.abuse.ch/url/1456686/

Comments


Avatar
zbet commented on 2021-07-14 17:53:28 UTC

url : hxxp://fasteasyupdates.com:8088/templates/file4.bin