MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599
SHA3-384 hash:	6b1b39f58fc7608b2c45d1a7668d3c01a8ae100648e5dc2dc4c0c68d800df5264d0d2c1072258c97d5c98dff14556e2d
SHA1 hash:	dd77cee3d418a6462b2e31fabc76510b8f2320d5
MD5 hash:	45ed8898bead32070cf1eb25640b414c
humanhash:	johnny-kilo-maryland-one
File name:	836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	677'344 bytes
First seen:	2020-10-21 13:23:18 UTC
Last seen:	2020-10-21 14:05:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	102983d1d06c7d80b040d45e9425a96f (1 x CobaltStrike)
ssdeep	6144:dG+hzs3xTAC9Qw2bZV0dHRH2HzHoHdHyHK:dG+ABAC9QqxWTI9Sq
Threatray	621 similar samples on MalwareBazaar
TLSH	F8E49352719AC6A8C0774370416D877EEF92A4D20E22F1FFE51E6678C96B09FB4343A4
Reporter	JAMESWT_WT
Tags:	CobaltStrike TES LOGISTIKA d.o.o.

Code Signing Certificate

Organisation:	DigiCert High Assurance EV Root CA
Issuer:	DigiCert High Assurance EV Root CA
Algorithm:	sha1WithRSAEncryption
Valid from:	Nov 10 00:00:00 2006 GMT
Valid to:	Nov 10 00:00:00 2031 GMT
Serial number:	02AC5C266A0B409B8F0B79F2AE462577
Intelligence:	204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

3

# of downloads :

85

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/74138/

Detection(s):

PUA.Win.Trojan.Generic-6629274-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Sending a custom TCP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/505884

Signature

A

b

c

d

e

f

i

l

M

n

o

r

S

t

u

V

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599/

Threat name:

Win64.Trojan.Shelma

Status:

Malicious

First seen:

2020-10-21 02:56:10 UTC

File Type:

PE+ (Exe)

Extracted files:

15

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qnw3nppg6zspuqvqedd3ivexcmbc5lehiegb5uiqjnwu35qvuwmq._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

05815c1e6e37cf16bb24c456836069a7709df19505708d26f503ff46360001ba

2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c

3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443

87dca59ec3d55bcb1b05da564e5ce0a164ab633f1c46a18a97f72a30efff7388

9a7d2b2c96ee9b7b0ddc1665988d935a719f04cdb2b2dd331ec36aa4f6597506

9c3b7ba8d375f19993312a6ac20418e0d107d73b30d585e9ad3646e150ff7c5a

a8241398b22ba3745b460a7a0c39cb9a86ca258b9283901d42e8dab283acb39b

ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8

d44d718c247b1664861f987b1725314f152e43e7c1da80b163f812e1b7c3fdb7

f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f

+ 611 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

trojan backdoor family:cobaltstrike

Link:

https://tria.ge/reports/201021-w9xz4mlxfa/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://tr.topbackupintheworld.com:443/admin
http://gf.topbackupintheworld.com:443/admin
http://bv.topbackupintheworld.com:443/admin

Unpacked files

SH256 hash:

836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599

MD5 hash:

45ed8898bead32070cf1eb25640b414c

SHA1 hash:

dd77cee3d418a6462b2e31fabc76510b8f2320d5

Link:

https://www.unpac.me/results/bb575221-9a52-4f3e-9b0d-c3e74cf9015c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Ryuk

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599

File information

The table below shows additional information about this malware sample such as delivery method and external references.

X

https://twitter.com/malwrhunterteam/status/1318904041590718469?s=20

Cape

Cape

https://www.capesandbox.com/analysis/74138/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample