MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081
SHA3-384 hash: 96793d80d55035fe7c97ae38a469c57e9fec8efe51b366d3d180b976289f09b0943344349a25bd6ac2138901229bd2c1
SHA1 hash: 50ffd5e0e0ac0876f61885f610d5d4f50465cf84
MD5 hash: da977ca12c4990e59598897e40e4e8d7
humanhash: low-failed-lion-fourteen
File name:da977ca12c4990e59598897e40e4e8d7.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:14'336 bytes
First seen:2020-11-05 15:37:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep 192:AqH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzQdspobqUqV/Qjo7AGa:AG+kGKqbOCdWIVBff+xzXSfCXAn
Threatray 163 similar samples on MalwareBazaar
TLSH BF52F775EA4378F2FD1A497014EBB6FFAEB3E1238C115CC6CFA4DD416827466880664E
Reporter abuse_ch
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/83308/
Detection(s):
Win.Trojan.CobaltStrike-7899872-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending an HTTP GET request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/521696
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect sleep reduction / modifications
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081/
Threat name:
Win32.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2020-10-24 14:57:22 UTC
File Type:
PE (Exe)
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
2d797a098d2c0e164f5bfe29e3ae282f873709270f05950a3dc76d65f1acf47c
CobaltStrike
53c9abf3e3d86b1d9d633aff273a70f11e83858d3fdb362108395f170bcdebc4
CobaltStrike
5cd1e21eef3c4ed694dc429b88b403995244060feb4fdea12473aff4d782e1f5
CobaltStrike
843ecb8f65383d379efac41850e2962630597fbb9d327215268c480e896fa16a
CobaltStrike
9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398
CobaltStrike
a9ca1d6a981ccc8d8b144f337c259891a67eb6b85ee41b03699baacf4aae9a78
CobaltStrike
ad42170cf53ef7e0ea91196fedd5f8ae7665e207f9de002c63562f4b1db57717
CobaltStrike
b568a4ca18fce49b465d0db8697640d556f579932db0315398a810140c66f0db
CobaltStrike
d0c88b0ca2a78ef90470498fa686ad63e3473a4fc1337b2850461ecc07bd5b34
CobaltStrike
d1a71b6a8691f72eb133570b9e90e8de061a652a35e3b4039d0875bbc0f76f1c
CobaltStrike
+ 153 additional samples on MalwareBazaar
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:metasploit backdoor trojan
Link:
https://tria.ge/reports/201105-dvadphx9pn/
Behaviour
MetaSploit
Malware Config
C2 Extraction:
http://31.44.184.131:80/sPIP
Unpacked files
SH256 hash:
8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081
MD5 hash:
da977ca12c4990e59598897e40e4e8d7
SHA1 hash:
50ffd5e0e0ac0876f61885f610d5d4f50465cf84
Link:
https://www.unpac.me/results/0203706e-66f7-41ec-90c2-10c7181609e8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/83308/
  
URLhaus
https://urlhaus.abuse.ch/url/789540/
  
Delivery method
Distributed via web download

Comments