MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 923de5fc24a860522375e93ea09e4298e5a1dfaa6a17c61754162aa3d4339bce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
CobaltStrike
Vendor detections: 7
| SHA256 hash: | 923de5fc24a860522375e93ea09e4298e5a1dfaa6a17c61754162aa3d4339bce |
|---|---|
| SHA3-384 hash: | f3e52c181b18fd4a1b9d99bd04c27a689fac0146c636f2e7a7010237f231c7b336873374da7bceff6a48a4b34f5492bb |
| SHA1 hash: | 2f4fd1121786170c10e07fdab5a15aa4f8dddb00 |
| MD5 hash: | 10d97303ac2177c3cd4e54c9e57a4c53 |
| humanhash: | arizona-ink-nitrogen-lima |
| File name: | 10d97303ac2177c3cd4e54c9e57a4c53 |
| Download: | download sample |
| Signature | CobaltStrike |
| File size: | 348'160 bytes |
| First seen: | 2021-07-14 20:52:48 UTC |
| Last seen: | 2021-07-14 21:49:06 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | c3803752167a683f3dbd2e2ab3d19b6d (4 x CobaltStrike) |
| ssdeep | 6144:IpWMSmgY0IyFpXjsCEqhp3xuo8Pr7Jjc7wPxrC:lHP7LFVst+0oA71+cC |
| Threatray | 370 similar samples on MalwareBazaar |
| TLSH | T155741237D23060D6C05A00F55A0DE7BF99181D2076E2AC3E55D287EA8936EF76873B27 |
| Reporter |  zbetcheckin |
| Tags: | 32 CobaltStrike exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
499
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
10d97303ac2177c3cd4e54c9e57a4c53
Verdict:
Suspicious activity
Analysis date:
2021-07-14 20:55:54 UTC
Tags:
n/a
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
CobaltStrike
Verdict:
Malicious
Result
Threat name:
CobaltStrike
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Tries to detect virtualization through RDTSC time measurements
Yara detected CobaltStrike
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Threat name:
Win32.Hacktool.CobaltStrike
Status:
Malicious
First seen:
2021-07-14 16:16:42 UTC
File Type:
PE (Exe)
AV detection:
28 of 46 (60.87%)
Threat level:
1/5
Verdict:
malicious
Label(s):
cobaltstrike
Similar samples:
+ 360 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Score:
10/10
Tags:
family:cobaltstrike botnet:1359593325 backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction:
http://192.236.146.5:80/cx
Unpacked files
SH256 hash:
b250546760e98b5ceda855877a67894d517741e273fa7493fd3e3b1814414e99
MD5 hash:
a33fb7f091702a071854a6b6c5965cdf
SHA1 hash:
20d41dc516806a7595dff991b710f863cafe4ca1
SH256 hash:
6b071a41b08e46890cd81bff82a362a722a21969f6de0d0e83d438abd14ed106
MD5 hash:
31bba8af1ed4ad41436d7d39321176c1
SHA1 hash:
61ca36ecebd948c24b250464f571061c76c1ce79
SH256 hash:
923de5fc24a860522375e93ea09e4298e5a1dfaa6a17c61754162aa3d4339bce
MD5 hash:
10d97303ac2177c3cd4e54c9e57a4c53
SHA1 hash:
2f4fd1121786170c10e07fdab5a15aa4f8dddb00
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.url : hxxp://webservicesamazin.com:8088/wp-theme/file9.bin