MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 16


Intelligence 16 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41
SHA3-384 hash: 6c72057069d9bbfb75387818f6320852becc89bc8eb7a55e89afad399994a71d20744e164fe86a17c8eb5924a60763a8
SHA1 hash: 7879c9347c5ea9f2c8f6c3d4ec8cb3b510330a63
MD5 hash: 27c4f6ca1b49e3723ba158c9c268a526
humanhash: cola-paris-arizona-delta
File name:27c4f6ca1b49e3723ba158c9c268a526
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:21'504 bytes
First seen:2023-06-10 04:43:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b76b81f4a49e6d89fb9b3188ab53b9e6 (1 x CobaltStrike)
ssdeep 384:v+pv2zG72HYdtLUF4ZENy+Tq25hcttCW:G2ALUJ9DW
TLSH T1B1A2E86FE393A8E8C147D1B892FFA77690F23D3146AA572D2258D3302F509D44BB9512
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:64 Cobalt Strike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
297
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
cobaltstrike
Create hunting rule
ID:
1
File name:
27c4f6ca1b49e3723ba158c9c268a526
Verdict:
Malicious activity
Analysis date:
2023-06-10 04:45:45 UTC
Tags:
cobaltstrike
Link:
https://app.any.run/tasks/4b3a7dfa-b34d-4238-b055-906dcd0bc3bc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
CobaltStrikeStager
Create hunting rule
Link:
https://www.capesandbox.com/analysis/397450/
Detection(s):
SecuriteInfo.com.BackDoor.Meterpreter.157.10672.19725.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/90164/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CallSleep
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug cobalt
Link:
https://www.filescan.io/uploads/6483ff943d73a4d71709f0a7/reports/9ffb8b24-882b-4fdd-a381-a38269eab1ab/overview
Verdict:
Malicious
Labled as:
Win64/ShellcodeRunner.FT trojan
Link:
https://www.hybrid-analysis.com/sample/93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a3890793-1c15-4212-b2a1-dac977438cb6
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1252230
Signature
Found API chain indicative of debugger detection
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
cobaltstrike
Create hunting rule
Link:
https://mwdb.cert.pl/sample/93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41/
Threat name:
Win64.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2023-01-17 12:12:39 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=soewwmbwgbbc3rqe7kootxhrztmt7ar43egunqvvkau6uacpdjaq._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230610-fctplaeb93/
Unpacked files
SH256 hash:
93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41
MD5 hash:
27c4f6ca1b49e3723ba158c9c268a526
SHA1 hash:
7879c9347c5ea9f2c8f6c3d4ec8cb3b510330a63
Link:
https://www.unpac.me/results/50e58483-4d35-4e19-887f-3e2058695170/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/397450/
  
URLhaus
https://urlhaus.abuse.ch/url/2656785/

Comments


Avatar
zbet commented on 2023-06-10 04:43:39 UTC

url : hxxp://114.132.234.211:8884/uMM.exe