MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bb24503e3418b4e1879c450818a21da05f7f3a54da7939b3f1733b45c9bb029. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 6



SHA256 hash: 8bb24503e3418b4e1879c450818a21da05f7f3a54da7939b3f1733b45c9bb029
SHA3-384 hash: 949e6be6725c0048889728c60092611f7398c17907221ab100f6e19f56af4b9a2ff9621249025fbbceec4450f82ed6c3
SHA1 hash: 59a1f937d05d6a58f14d54c9ff28e2ee3848341b
MD5 hash: 96d91899cf019ab4c92d256a065caeb6
humanhash: blue-angel-fish-washington
File name: 26add9bbf4d107.dll
Signature: CobaltStrike
File size: 472'064 bytes
First seen: 2020-08-04 11:23:57 UTC
Last seen: 2020-08-05 10:13:00 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: fefec65b5b0ea1e47e24a95031f14ce5 (1 x CobaltStrike)
ssdeep: 12288:eKJka8ZVIz3uWFgqmLhoO7OYSOoD91i8xC9xuF:JL8ZRZLhD7ZSO291i8xIx
Threatray: 70 similar samples on MalwareBazaar
TLSH: 3EA4020175C1C472D57E95340570DA724B7FAE71EBD0ACDB2784293A8E342E28F35E6A
Reporter: abuse_ch
Tags: CobaltStrike


abuse_ch
Cobalt Strike C2s:
authoritative.rogerwlaker.xyz
cloudflare.robertstratton.xyz
managemen.onlinestephanie.xyz
status.jarredlike.xyz

Intelligence


File Origin
# of uploads: 2
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph (ID 256852; sample 26add9bbf4d107.dll; start date 04/08/2020; architecture WINDOWS; score 52):
Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Machine Learning detection for sample
Process tree: loaddll32.exe started cmd.exe and regsvr32.exe; cmd.exe started iexplore.exe, which started a second iexplore.exe
DNS/IP contacted by iexplore.exe: edge.gycpi.b.yahoodns.net (87.248.118.22, port 443, YAHOO-DEBDE, United Kingdom); pagead.l.doubleclick.net (172.217.20.2, port 443, GOOGLEUS, United States); 19 other IPs or domains
Threat name: Win32.Trojan.CobaltStrike
Status: Malicious
First seen: 2020-08-04 11:25:05 UTC
File Type: PE (Dll)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  CobaltStrike
    DLL dll 8bb24503e3418b4e1879c450818a21da05f7f3a54da7939b3f1733b45c9bb029 (this sample)

Delivery method: Distributed via web download

Comments



Rony commented on 2020-08-05 12:01:59 UTC

Also dropped from this maldoc 7888a1c70bc711f34ac921d2c577d938
report: https://tria.ge/200805-7hw74e4f9s/behavioral1