MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9af4b3b8c67d21fef69dee132cb686d1cb9e34e2d5e807b05c2a92e48f08dd39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
CobaltStrike
Vendor detections: 6
| SHA256 hash: | 9af4b3b8c67d21fef69dee132cb686d1cb9e34e2d5e807b05c2a92e48f08dd39 |
|---|---|
| SHA3-384 hash: | f1389f906a3f9f9418b5d53089297f2101124413136552939de91d5bc60553cbcd33e243ee9e62702054faca186b3ff4 |
| SHA1 hash: | 88ae2ed9e9ceeba5cf578c994e1b2493bfddd112 |
| MD5 hash: | 3c21cccff5c8aabf1977f2dbdaeaafe7 |
| humanhash: | alabama-hawaii-arkansas-india |
| File name: | 3c21cccff5c8aabf1977f2dbdaeaafe7 |
| Download: | download sample |
| Signature | CobaltStrike |
| File size: | 348'160 bytes |
| First seen: | 2021-07-14 16:23:05 UTC |
| Last seen: | 2021-07-14 17:07:15 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | c3803752167a683f3dbd2e2ab3d19b6d (4 x CobaltStrike) |
| ssdeep | 6144:OpWMSmgY0IyFpXjsCEqhp3xuo8Pr7Jjc7wPxyC:/HP7LFVst+0oA71+FC |
| Threatray | 363 similar samples on MalwareBazaar |
| TLSH | T12B741237D23060D6C05A00F55A0DE7BF9A181D2076E2AC3E55D287EA8936EF76873727 |
| Reporter |  zbetcheckin |
| Tags: | 32 CobaltStrike exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
496
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
CobaltStrike
Verdict:
Malicious
Result
Threat name:
CobaltStrike
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Tries to detect virtualization through RDTSC time measurements
Yara detected CobaltStrike
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Threat name:
Win32.Hacktool.CobaltStrike
Status:
Malicious
First seen:
2021-07-14 16:18:27 UTC
File Type:
PE (Exe)
AV detection:
28 of 46 (60.87%)
Threat level:
1/5
Verdict:
malicious
Label(s):
cobaltstrike
Similar samples:
+ 353 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Score:
10/10
Tags:
family:cobaltstrike botnet:1359593325 backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction:
http://192.236.146.5:80/cx
Unpacked files
SH256 hash:
b250546760e98b5ceda855877a67894d517741e273fa7493fd3e3b1814414e99
MD5 hash:
a33fb7f091702a071854a6b6c5965cdf
SHA1 hash:
20d41dc516806a7595dff991b710f863cafe4ca1
SH256 hash:
2c88fd1696d01b76f0b39ac0ab5d5baaf983dc4545bd18563fcbef8671dd040a
MD5 hash:
695014329ef106f72d34fd6d560bb3ee
SHA1 hash:
ed62ce664f5cf5222596e50dabb4ab4961b23191
SH256 hash:
9af4b3b8c67d21fef69dee132cb686d1cb9e34e2d5e807b05c2a92e48f08dd39
MD5 hash:
3c21cccff5c8aabf1977f2dbdaeaafe7
SHA1 hash:
88ae2ed9e9ceeba5cf578c994e1b2493bfddd112
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.url : hxxp://jeromfastsolutions.com:8088/themes/details.bin