MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95c50f8c585ec69dab7a9d26a2684da2e44d5539edb75e4ecc53c18092cdc7b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 4

SHA256 hash: 95c50f8c585ec69dab7a9d26a2684da2e44d5539edb75e4ecc53c18092cdc7b1
SHA3-384 hash: 25e4db78fd4ca790bcabc38abc5f4361446c13fbda9fd79c7cdf7bb3dd4e3d918428686e399b5c19c8509b0e73fb02e8
SHA1 hash: fab9faf8b01e5b7eabcb8767f6b4257a5263f58d
MD5 hash: 149c76f24bd6f2e93b2b5c568fff7bda
humanhash: missouri-freddie-mobile-winter
File name: bbaQTHDF.posh
File size: 352'607 bytes
First seen: 2022-05-01 13:45:22 UTC
Last seen: Never
File type: unknown
MIME type: text/plain
ssdeep: 6144:QbCjcsg8y7zWnBDNyGzj++6USqvoPrEBrtWeenmN0Zqnb3C1id2kdXsGlmJ9o+S0:QbC4sXyvWdT++eqvoQBrd3wkdX/Ad
TLSH: T13E745A473F5969EED212F527E63DB0C225E0B52E90A98AD4B7F1D4B118F802234F47A7
Reporter: pmelson
Tags: CobaltStrikeBeaconDLLReverseHTTP powershell

Intelligence

File Origin
# of uploads: 1
# of downloads: 265
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: metasploit powershell

Result
Verdict: MALICIOUS
Threat name: Script-PowerShell.Backdoor.CobaltStrike
Status: Malicious
First seen: 2022-05-01 13:46:08 UTC
File Type: Text (PowerShell)
AV detection: 21 of 26 (80.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: Cobaltbaltstrike_Beacon_Encoded
Author: Avast Threat Intel Team
Description: Detects CobaltStrike payloads
Reference: https://github.com/avast/ioc

Rule name: Msfpayloads_msf_ref
Author: Florian Roth
Description: Metasploit Payloads - file msf-ref.ps1
Reference: Internal Research

Rule name: Msfpayloads_msf_ref_RID2ED5
Author: Florian Roth
Description: Metasploit Payloads - file msf-ref.ps1
Reference: Internal Research

Rule name: SUSP_PowerShell_Base64_Decode
Author: SECUINFRA Falcon Team
Description: Detects PowerShell code to decode Base64 data. This can yield many FP

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
External reference: unknown
Sample: 95c50f8c585ec69dab7a9d26a2684da2e44d5539edb75e4ecc53c18092cdc7b1 (this sample)

Comments