MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481
SHA3-384 hash: f6e6b70b3d0e36f408ce7bb8e2ba963b610651f577d5eeb17e082469a75130a1fbec7ed542acbd2405791e3aed28c937
SHA1 hash: daa33b986624b2156b336392c4d5cc1ddd184e56
MD5 hash: 583ad904b51ce0851f9f2cb056a9a2e3
humanhash: hydrogen-neptune-queen-glucose
File name:583ad904b51ce0851f9f2cb056a9a2e3.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:468'480 bytes
First seen:2021-07-23 12:14:23 UTC
Last seen:2021-07-23 12:52:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b6c8827afb7ad4ba5d6e554df69c5367 (1 x CobaltStrike)
ssdeep 12288:JBcXtc6gtDe1gcRAO4DvGkQhDSgOmbFzZ/E:cX26gtyCcRV4DvGkcGLmfE
Threatray 147 similar samples on MalwareBazaar
TLSH T19DA4AC44650179C5E67264FF149E67F07E62F80EBD2189D338246F2A6B356FC089FC92
Reporter abuse_ch
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
498
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
583ad904b51ce0851f9f2cb056a9a2e3.exe
Verdict:
No threats detected
Analysis date:
2021-07-23 12:22:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/97381cb3-15c8-4a7e-9f55-d69737b2ff9b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/173624/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46667237.15038.14591.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/853394f0-57b9-4a6a-9baa-dec954a1f216
Result
Threat name:
CryptOne CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/820748
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Detected CryptOne packer
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481/
Threat name:
Win64.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-07-23 02:17:14 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
048b796fb78b1a11d598189410f4de21f57094d283fbebaec36fc604b1f66197
CobaltStrike
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f
CobaltStrike
49b57d024424267e79102b40cacbdb69c6e92ec41d5443d069da06e4eb083921
CobaltStrike
5ee9f4addc6c85c45a7a66f9b61c4d7977f21d8ce1aadf667508f4623b317572
CobaltStrike
844f891f338bcde305546fb85d97ac01bfd2c4db663ce779e6048307af5085f5
CobaltStrike
87fce4a9bf5b5a94b0a722c3061fd931a2fadd301880801b64a1e78d79bb67c5
CobaltStrike
a7d4ad5e6eedf5be0ad6f9ffc704827b7c1e9aeb12d440c847031af8d4d1f7b1
CobaltStrike
cdf2ed21f6bda94bdebd880cb3e45005de2e714d8f1311f3d38684f103be2f00
CobaltStrike
eb639e9d45ed4d4cf911195b7ef53d61897dd8f826c542ae411854ddec3aea87
CobaltStrike
+ 137 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor cryptone packer trojan
Link:
https://tria.ge/reports/210723-rzbb5bs27x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Cobaltstrike
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481
MD5 hash:
583ad904b51ce0851f9f2cb056a9a2e3
SHA1 hash:
daa33b986624b2156b336392c4d5cc1ddd184e56
Link:
https://www.unpac.me/results/7c14b807-f81e-41cd-8ef4-7480082566d9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/173624/
  
URLhaus
https://urlhaus.abuse.ch/url/1475501/
  
Delivery method
Distributed via web download

Comments