MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: CobaltStrike
Vendor detections: 8

SHA256 hash: 9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398
SHA3-384 hash: c015158d7236a852f3dd94f1f59ca13d74fd7792774af4770a1b426764887598d222fdcc453ea7eff2ee355480a9d176
SHA1 hash: c15b2d3b9905b78a29cb3dd2829e7fa0c021f7bd
MD5 hash: 5b45c5fb1f1d8915a5a08145dcc9e38d
humanhash: tango-pennsylvania-chicken-london
File name: 9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398
Signature: CobaltStrike
File size: 14'336 bytes
First seen: 2020-08-27 10:17:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: dc25ee78e2ef4d36faa0badf1e7461c9 (118 x CobaltStrike, 5 x Cobalt Strike)
ssdeep: 192:AJH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzllI/7UUqEbqUqV/Qjo7AGa:AB+kGKqbOCdWIVBff+xzvA7UHwfCXAn
Threatray: 72 similar samples on MalwareBazaar
TLSH: D952F975EA0378F2FD1A497014EFB6BFAFB3E2134C105C96CF94D84558234BA980665D
Reporter: JAMESWT_WT
Tags: CobaltStrike

Intelligence

File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
- Sending a custom TCP request
- Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
- Antivirus / Scanner detection for submitted sample
- Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.Cobalt
Status: Malicious
First seen: 2020-08-20 16:47:07 UTC
File Type: PE (Exe)
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: metasploit
Score: 10/10
Tags: trojan backdoor family:metasploit
Behaviour
- MetaSploit
Malware Config
C2 Extraction: http://66.42.39.79:443/logo32x32.gif

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments