MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80ce381fa35b89c2855f2b99fdb9c32b1899db46d38a6b31e4aa82bc5781d306. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	80ce381fa35b89c2855f2b99fdb9c32b1899db46d38a6b31e4aa82bc5781d306
SHA3-384 hash:	26a87711175cdc10c5d96cbffea37824a3866400adcd938cc946f6eea21a9c6382cdf2d4783bf405af10fe10330d5186
SHA1 hash:	230979735a7ea633327310e5360e6a82f74707b6
MD5 hash:	aca28eac33b9299428bd2a19566d12ba
humanhash:	ten-shade-carbon-kitten
File name:	80ce381fa35b89c2855f2b99fdb9c32b1899db46d38a6b31e4aa82bc5781d306
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	288'256 bytes
First seen:	2020-09-04 08:42:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep	3072:PyEQr77DfVGSMZNCAxG82d4tjKR3sAlOwA0kLAWpUoqDOPLrZBx/3JnaoBvDaIVV:P3y5GVgAYxs0jM1nWo9JNvDa43
TLSH	2B54AE757F497984D00B3ABA4CBD493EB4CF17E12AE059FC2756E0A1EF90B322814997
Reporter	JAMESWT_WT
Tags:	144.202.125.162 CobaltStrike

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/55624/

Detection(s):

Win.Trojan.CobaltStrike-9044898-1

Win.Trojan.CobaltStrike-7899871-1

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending an HTTP GET request

Sending a UDP request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/80ce381fa35b89c2855f2b99fdb9c32b1899db46d38a6b31e4aa82bc5781d306/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2020-08-10 16:38:00 UTC

File Type:

PE+ (Exe)

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

trojan backdoor family:cobaltstrike

Link:

https://tria.ge/reports/200904-jy947fgmta/

Behaviour

Cobaltstrike

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

CobaltStrike

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/80ce381fa35b89c2855f2b99fdb9c32b1899db46d38a6b31e4aa82bc5781d306

File information

The table below shows additional information about this malware sample such as delivery method and external references.

https://twitter.com/malwrhunterteam/status/1301802097143361538?s=20

Cape

https://www.capesandbox.com/analysis/55624/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample