MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 975b4d651dff5feb57a57bc9e093cd60a2ff10ed02f08a6a11d06de3e4b25653. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 975b4d651dff5feb57a57bc9e093cd60a2ff10ed02f08a6a11d06de3e4b25653
SHA3-384 hash: 3f971eec578e2bbd7c350afda8a9fa7dba6ef33cc1b01737ec710851dea400de8e2fe1fd100e2b83dbb056eeb0eaca8c
SHA1 hash: 903c57b96501e49d76c19369ce35dc86aa9548c1
MD5 hash: 85daf358690059c9a6156864e84a57a5
humanhash: potato-north-potato-burger
File name:VsaTool.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:561'152 bytes
First seen:2021-07-13 13:28:54 UTC
Last seen:2021-07-13 14:48:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c42f19388d9cdd246ee9e3dd241d9cf (4 x CobaltStrike)
ssdeep 6144:rMT9b2lNpjk4ldH1uOs5C8IkEB+y0tO4uHxoPjMdvNZRhu7xpr2AuTVUC:oTYpjkmJk1dEBoPCxI2zju7xpr2AuTZ
Threatray 356 similar samples on MalwareBazaar
TLSH T102C48CDFC8750158FD6DDE3802B22CAA647F6EA6BA68F40DA910B41206734F634F3957
Reporter Anonymous
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
497
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://cdn.discordapp.com/attachments/863045358128726019/864070984781004830/VsaTool.exe
Verdict:
Malicious activity
Analysis date:
2021-07-13 12:32:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/41e5aa5c-a23f-4451-92e9-42b59ea302e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/171434/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37226305.21583.6507.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/99183ae4-a3ee-4b51-9cf8-22f835a54019
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/815634
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Tries to detect virtualization through RDTSC time measurements
Yara detected CobaltStrike
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/975b4d651dff5feb57a57bc9e093cd60a2ff10ed02f08a6a11d06de3e4b25653/
Threat name:
Win32.Backdoor.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2021-07-12 15:14:06 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
2dddb66cd79654ac9c2ba9b658b0e0665ab62e8eb08dcc89ed4bdc614d4775e9
CobaltStrike
324fc8140985441a5ae5d9717b17d7129b467e84567003ea477182aa103044a7
CobaltStrike
37a042c1055f13e3b2b901d79a982adc1b771b9c8371a91e2b210d24931e75f8
CobaltStrike
6c91d046466c2770fede4f82714807bbd672bc60ca7453c6f968ece50bdb33ef
CobaltStrike
7c459b8af45fb919074c455f2114376b6c4ed126f75b73c9979ebdcce70538b0
CobaltStrike
b2a64d1e8433dfdbd937c9b71862beb3160ffd482456cf4576e3f3ad0f930a7f
CobaltStrike
c5b39009be422e89c793241831efd12c6827de20a56b71783d4fd80db9409910
CobaltStrike
+ 346 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike botnet:1359593325 backdoor trojan
Link:
https://tria.ge/reports/210713-s56b1eldtn/
Behaviour
Cobaltstrike
Malware Config
C2 Extraction:
http://185.156.172.76:80/ca
Unpacked files
SH256 hash:
4f858d1325b643f46d4025ea65022af0bb3cdc6ba5552b65cd9537ac54f67098
MD5 hash:
07d0a58cb60ebfa3cb1ecf274cfb9d1b
SHA1 hash:
ce5e8e621706a8fc867ebfc4c6d261c8a67106a1
Link:
https://www.unpac.me/results/77cb579c-f8ec-419d-8a9c-567099d38553/
SH256 hash:
611cef2538f31de86c34ab0a3b6d4ad6d387369fb7e226cb3f7038e33b18ee30
MD5 hash:
7cf4f1da2b8d1d0c08336b5e29f88a44
SHA1 hash:
cbb6c650a5dc3a00377c84c5603f87ede051b5f9
Link:
https://www.unpac.me/results/77cb579c-f8ec-419d-8a9c-567099d38553/
SH256 hash:
975b4d651dff5feb57a57bc9e093cd60a2ff10ed02f08a6a11d06de3e4b25653
MD5 hash:
85daf358690059c9a6156864e84a57a5
SHA1 hash:
903c57b96501e49d76c19369ce35dc86aa9548c1
Link:
https://www.unpac.me/results/77cb579c-f8ec-419d-8a9c-567099d38553/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/975b4d651dff5feb57a57bc9e093cd60a2ff10ed02f08a6a11d06de3e4b25653

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/171434/

Comments