MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 942a315f52b49601cb8a2080fa318268f7a670194f9c5be108d936db32affd52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 7

SHA256 hash: 942a315f52b49601cb8a2080fa318268f7a670194f9c5be108d936db32affd52
SHA3-384 hash: a5e7c9f63680ead8d8f7f31f01f51bd0735b90bfe4b3abd5d9931f9d6f435443ef7fe270d2c105efe6c7fa9b8a562fb8
SHA1 hash: 3e47e0c096a0c789aabd070c455333286fec32eb
MD5 hash: d120e20c7e868c1ce1b94ed63318be6d
humanhash: october-saturn-fruit-autumn
File name: 2021.exe
Signature: CobaltStrike
File size: 746'824 bytes
First seen: 2021-07-23 03:31:16 UTC
Last seen: 2021-07-23 04:37:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e9aa303687048d9e2b687f9213d39928 (2 x CobaltStrike)
ssdeep: 12288:Vr92hx6QkXcrTStFkGJ9NmDqInEegbMEQHP+B9P6t7Xs013Fbu9FRvXdb:Shwjs/MnHIEvQHP+B9P+I013FbuJvtb
Threatray: 4 similar samples on MalwareBazaar
TLSH: T1C4F49E48B54CFDF5DCC9AABC04E2121942ABAD419719DA3F3910FE3C803AE58D972D5B
dhash icon: 68e0a0a4a4a48098 (1 x CobaltStrike)
Reporter: r3dbU7z
Tags: CobaltStrike exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 489
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 2021.exe
Verdict: No threats detected
Analysis date: 2021-07-23 03:32:57 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: CobaltStrike
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph

Threat name: Win64.Trojan.Sabsik
Status: Malicious
First seen: 2021-07-23 03:32:03 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Cobaltstrike
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction: http://service-jfm40pz6-1305872363.gz.apigw.tencentcs.com:80/bootstrap-2.min.js
Unpacked files
SHA256 hash: 942a315f52b49601cb8a2080fa318268f7a670194f9c5be108d936db32affd52
MD5 hash: d120e20c7e868c1ce1b94ed63318be6d
SHA1 hash: 3e47e0c096a0c789aabd070c455333286fec32eb
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
