MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e5fb57cda3b3eb6b8e66027d2efdc87bcb3b0463431106ec6db93e11200ffc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8e5fb57cda3b3eb6b8e66027d2efdc87bcb3b0463431106ec6db93e11200ffc8
SHA3-384 hash:	48ccf063e23c10b15f8aa01862194cb7ff8b1298e7c5f2fc14c73e42c542489215bef8ed61e31e1b7a559d9fe1a5c78c
SHA1 hash:	8029e69df9ddc8c44db6c32bfd0b5091f88a0bd0
MD5 hash:	ae2e3dc2c232a7513fc9bc82ee489617
humanhash:	kilo-magazine-mango-florida
File name:	host64_sh.bin.dll
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	1'167'360 bytes
First seen:	2021-09-29 14:44:40 UTC
Last seen:	2021-09-29 16:11:04 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	24576:ijyqlwU8sQi+bnJmQIEtKjvjjDSwloHniuL5CA77M1YOK96gE:4yCbAb9K7jjDSwlyo1YOY6gE
Threatray	516 similar samples on MalwareBazaar
TLSH	T1CE45335AB1D31A20F17F443443A3A752B8B77740FB7661A407AED2BB5871FE8580CE86
Reporter	info_sec_ca
Tags:	CobaltStrike dll exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

542

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

host64_sh.bin.dll

Verdict:

No threats detected

Analysis date:

2021-09-29 19:37:19 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/ddaf4c07-0253-4420-8931-26f55c6e4838

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/193204/

Detection(s):

SecuriteInfo.com.Variant.Ulise.287043.15788.26721.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e8cc7f9a-e3f0-4669-ba81-69932e8fe110

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/861370

Signature

Multi AV Scanner detection for submitted file

PE file has a writeable .text section

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8e5fb57cda3b3eb6b8e66027d2efdc87bcb3b0463431106ec6db93e11200ffc8/

Threat name:

Win64.Trojan.Ulise

Status:

Malicious

First seen:

2021-09-29 14:45:07 UTC

AV detection:

5 of 45 (11.11%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

2c672c1537655f77a4f7df0b300aaf54f1a8af6f8dfc72475441020721aed575

56c0dbbb56ab9b63c997eb80beb6392b50d507e4dc08ce617d32b8563fbd54ce

82576d0e8b54901d195af6f1f724e7689bdf1b3edac3aa51e118637163eed8f4

9c8e26bdf89634254162a5529bd2c8c3bc4c2215be3d7cb39a47fcd0327c045d

cb6a51b8a047de08fb4bfa7031bd1c917600e55c28f941a1da520e622c29f6a5

cdea3bc26665eb9e8656cf107f611f5da08afa12dc9dae129696762d959eb6dc

f60d8bd3ca821e7de945f17d646654b7c0f25949aa8c6f780313925076444fc2

+ 506 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/210929-r4qb2afbd6/

Behaviour

Cobaltstrike

Unpacked files

SH256 hash:

8e5fb57cda3b3eb6b8e66027d2efdc87bcb3b0463431106ec6db93e11200ffc8

MD5 hash:

ae2e3dc2c232a7513fc9bc82ee489617

SHA1 hash:

8029e69df9ddc8c44db6c32bfd0b5091f88a0bd0

Link:

https://www.unpac.me/results/76fcbccc-2587-4c47-9e96-b4531cd0f1e0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/8e5fb57cda3b3eb6b8e66027d2efdc87bcb3b0463431106ec6db93e11200ffc8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/193204/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample