MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d536b270b9bf18abaa1aac2515293cc30271ead88038fcefe7c04612b9a5c41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d536b270b9bf18abaa1aac2515293cc30271ead88038fcefe7c04612b9a5c41
SHA3-384 hash: 5e530df9564101a6abd5da63fb00fab1fb49024bceb30830baed9641a8b036d4b0648a4c3968898ebc5f8be353dae015
SHA1 hash: 3c0f075196e601ef11b652b2088a56e680c1715f
MD5 hash: 7bc67d846493f2e7c132ef3953057661
humanhash: michigan-dakota-jupiter-football
File name:7bc67d846493f2e7c132ef3953057661
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:14'336 bytes
First seen:2022-09-09 01:03:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep 192:ANH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzL8QkVzd8bqUqV/Qjo7AGa:A1+kGKqbOCdWIVBff+xzLGVzdIfCXAn
Threatray 222 similar samples on MalwareBazaar
TLSH T18A521A35EA4378F1FD1A897014EFB6BF9EB3E1138C205C86CF94E94498234B6881765D
TrID 38.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
13.0% (.EXE) Win64 Executable (generic) (10523/12/4)
8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter zbetcheckin
Tags:32 CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
650
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7bc67d846493f2e7c132ef3953057661
Verdict:
Suspicious activity
Analysis date:
2022-09-09 01:04:33 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4dfa198c-b3a2-4c0f-b6b1-8d5e391282b4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/308879/
Detection(s):
Win.Trojan.CobaltStrike-7899872-1
Create hunting rule

Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug cobalt rozena
Link:
https://www.filescan.io/uploads/631a910755480bd187d722a8/reports/886874bb-67fd-4bfa-93b2-c61f4e2a6659/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Cobalt Strike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ba2aeed6-4e00-438e-9b94-110e8b41465a
Result
Threat name:
CobaltStrike, Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1067511
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Yara detected Metasploit Payload
Behaviour
Behavior Graph:
Download SVG
Detection:
cobaltstrike
Create hunting rule
Link:
https://mwdb.cert.pl/sample/7d536b270b9bf18abaa1aac2515293cc30271ead88038fcefe7c04612b9a5c41/
Threat name:
Win32.Backdoor.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2022-08-28 08:48:29 UTC
File Type:
PE (Exe)
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pvjwwjyltpyyvovbvlbfcuutzqycohvnraby7tx6pqcgck42lraq._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
18172c576df793d31efad7ab1623e2fcc15e8f744bc8381d1a8a63421963e3e6
CobaltStrike
2874c64342b0deaca1f44aac74b0663926af3d039f0eebe5b20c0788ed6df4b4
CobaltStrike
5701a3c3a5ba47dfdf1fa7b70335419c2889b6649d30964145f68815920f7616
CobaltStrike
7f8f6685f7a93e134ea22dfc002505e12e68f37ca9dce13e0ecee894aab15bb2
CobaltStrike
8af8a2aa6d8db7a9bf93620814017b5296713963b74aba38eb7a35e62dcb7d3e
CobaltStrike
8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081
CobaltStrike
9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398
CobaltStrike
+ 212 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220909-beydcadcdj/
Unpacked files
SH256 hash:
7d536b270b9bf18abaa1aac2515293cc30271ead88038fcefe7c04612b9a5c41
MD5 hash:
7bc67d846493f2e7c132ef3953057661
SHA1 hash:
3c0f075196e601ef11b652b2088a56e680c1715f
Link:
https://www.unpac.me/results/031c5b5e-b82c-4a83-bfe4-bc2b25a28f5c/
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/7d536b270b9b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7d536b270b9bf18abaa1aac2515293cc30271ead88038fcefe7c04612b9a5c41

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 7d536b270b9bf18abaa1aac2515293cc30271ead88038fcefe7c04612b9a5c41

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2297331/
Cape
Cape
https://www.capesandbox.com/analysis/308879/

Comments


Avatar
zbet commented on 2022-09-09 01:03:34 UTC

url : hxxp://150.158.155.208/123.exe