MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c8621cc3827c1ffbd39ebc8b24e430e2e6aa5bd7b148edc110be9b2914799dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 10



SHA256 hash: 7c8621cc3827c1ffbd39ebc8b24e430e2e6aa5bd7b148edc110be9b2914799dc
SHA3-384 hash: 902bcfd08f70f04395fdaf1f2f6bc094c11cf2e5d09f07fa8edeecba8568bfa70b98fec55d308f7c6ffb516b11ed42ee
SHA1 hash: d8113a0f0151254616e08bd84683a76fefaeddec
MD5 hash: f73c7c5491733bbf72e84a3eec778875
humanhash: early-black-idaho-spring
File name: fooler.exe
Signature: CobaltStrike
File size: 3'055'616 bytes
First seen: 2022-11-12 04:34:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a83a3abb3c24430abc10e29619fc8a0c (1 x CobaltStrike)
ssdeep: 49152:Dgb1V8K/33adBUE9cYsZx1MvxSJG0nnkU2ge2PWDH8Cc+zD:D383sUMsJGqkU2glWDZc+zD
Threatray: 2'075 similar samples on MalwareBazaar
TLSH: T1CBE58DA0D8195BD4FCE491F507B6A34126133A71E813379EC1BC6AE0461496F3BAE4FE
TrID: 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
      12.2% (.EXE) OS/2 Executable (generic) (2029/13)
      12.0% (.EXE) Generic Win/DOS Executable (2002/3)
      12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter: dor0n
Tags: CobaltStrike exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 225
Origin country: DE
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: fooler.exe
Verdict: No threats detected
Analysis date: 2022-11-12 03:29:36 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Unauthorized injection to a system process
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: explorer.exe greyware packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj.evad
Score: 92 / 100
Signature
C2 URLs / IPs found in malware configuration
Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Threat name: Win64.Trojan.CobaltStrike
Status: Malicious
First seen: 2022-11-12 04:35:10 UTC
File Type: PE+ (Exe)
AV detection: 10 of 26 (38.46%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of NtCreateUserProcessOtherParentProcess
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: 7c8621cc3827c1ffbd39ebc8b24e430e2e6aa5bd7b148edc110be9b2914799dc
MD5 hash: f73c7c5491733bbf72e84a3eec778875
SHA1 hash: d8113a0f0151254616e08bd84683a76fefaeddec
Malware family: CobaltStrike
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments