MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8370b5aaf5d21fdfe7052c90b1e6b8fd3e0fa0bc26007badd416b1d4a99bc3cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	8370b5aaf5d21fdfe7052c90b1e6b8fd3e0fa0bc26007badd416b1d4a99bc3cd
SHA3-384 hash:	09562800ef538eeec1139fe6486ef06914b340396ca35366eccaaa7a28b0e1119999edd7d826ba22546a138d2ae1a23d
SHA1 hash:	ff6966a1e5c4d087dc248eaec4a5f7335bb6ea8b
MD5 hash:	aed10704bfb8f9eff057d5523b9ad431
humanhash:	asparagus-four-texas-nine
File name:	cobalt.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	49'152 bytes
First seen:	2021-08-17 13:28:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	06e8f0aa78077662ed7dc65b668aaf46 (1 x CobaltStrike)
ssdeep	768:YTLREdIbQ3eHapzEMPKBLHLi8fUCUNR/llS7Pgasu2ZbykxpTrs4duRxa:FIbQaapfK9HLJsCyRj/u0rs4dcxa
TLSH	T1DC233B62BBA4595AE8F14B3B1DED3B1608217D73883CD05C73C8558FCDB2A06E9517B2
dhash icon	b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter	madjack_red
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

# of downloads :

471

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

artvnch.exe

Verdict:

Malicious activity

Analysis date:

2019-12-08 18:17:49 UTC

Tags:

trojan cobaltstrike

Link:

https://app.any.run/tasks/8809fbc7-9c09-4c39-b200-3a211fe4b462

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/179973/

Detection(s):

SecuriteInfo.com.BackDoor.Meterpreter.103.22973.13623.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3ba444ae-e02a-4a63-bfc2-1cbb3c630b6f

Result

Threat name:

Metasploit

Detection:

malicious

Classification:

troj.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/834366

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Metasploit Payload

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8370b5aaf5d21fdfe7052c90b1e6b8fd3e0fa0bc26007badd416b1d4a99bc3cd/

Threat name:

Win32.Trojan.Hancitor

Status:

Malicious

First seen:

2019-11-19 16:19:59 UTC

File Type:

PE (Exe)

AV detection:

23 of 27 (85.19%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qnyllkxv2ip57zyffsildzvy7u7a7if4eyahxlouc2y5jkm3ypgq._file

Verdict:

malicious

Label(s):

cobaltstrike

Result

Malware family:

metasploit

Score:

10/10

Tags:

family:metasploit backdoor trojan

Link:

https://tria.ge/reports/210817-9p9nkpzmc6/

Behaviour

MetaSploit

Malware Config

C2 Extraction:

http://31.44.184.125:80/tYX7

Unpacked files

SH256 hash:

8370b5aaf5d21fdfe7052c90b1e6b8fd3e0fa0bc26007badd416b1d4a99bc3cd

MD5 hash:

aed10704bfb8f9eff057d5523b9ad431

SHA1 hash:

ff6966a1e5c4d087dc248eaec4a5f7335bb6ea8b

Link:

https://www.unpac.me/results/a49c4f12-da8b-4e9f-be7b-49f8828763e6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8370b5aaf5d21fdfe7052c90b1e6b8fd3e0fa0bc26007badd416b1d4a99bc3cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/179973/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample