MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a50f9170ee444aa88d99e2215f2ee8c1c7d1c9b93f686ec403e34ff16b585b86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a50f9170ee444aa88d99e2215f2ee8c1c7d1c9b93f686ec403e34ff16b585b86
SHA3-384 hash:	337bea3e7fbecc46a996e363b847db406b61cfe46ad12d98821b183bf4b8a7a39eaae4b9d50c2c39c66f8707dbd12ca3
SHA1 hash:	6182a91e6d2e9e8784f1c4552e423314aa65cb54
MD5 hash:	1e05854090f5a03cb400330f97ebd067
humanhash:	alaska-mobile-nine-pizza
File name:	dzbooster.com_new__melon.exe.malw
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	309'536 bytes
First seen:	2020-03-27 05:45:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	3072:Nq7NuezD6r8tbS/ESmDySl21IsgS23dEUjMUgOjCFfoSr+0m/hbbzDVsdaWprmnu:s2rVdJlUgAMfoSKhbf5sdadnaVoVg
Threatray	48 similar samples on MalwareBazaar
TLSH	DE64CF85BA035B12E51429BAD0EF142403F45FC36573E6EBBAD633AC85423D39D94A8F
Reporter	ov3rflow1
Tags:	Cobalt Strike malw

Code Signing Certificate

Organisation:	DigiCert Assured ID Root CA
Issuer:	DigiCert Assured ID Root CA
Algorithm:	sha1WithRSAEncryption
Valid from:	Nov 10 00:00:00 2006 GMT
Valid to:	Nov 10 00:00:00 2031 GMT
Serial number:	0CE7E0E517D846FE8FE560FC1BF03039
Intelligence:	22 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	3E9099B5015E8F486C00BCEA9D111EE721FABA355A89BCF1DF69561E3DC6325C
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.HLLW.Autoruner1.14959.18928.15688.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Shelma

Status:

Malicious

First seen:

2019-01-24 03:33:35 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

6b85fd7249ceaf4a88f71ad1becb27b9c9a17b1c1bd2cb75f25cdc7b1318785a

CobaltStrike

81967adfc60e1b5895f81d7bc1d1fdcb000f451a1524d56f831f43232b6841ff

CobaltStrike

88abb1fac4a77edb76cc29e112111e658e66eee14f1eaf19290739ec06b88090

CobaltStrike

b5976c55670c484ababd28736f50e297c3b1b57f1580d26f5fd1ecf60332a11c

CobaltStrike

b8fb24fed506f2b66406af4f29a8a0522564d337d9f374c3936b369e10a69437

CobaltStrike

d04c53a6dc6736d240938ac0ee259c1853150c43fd1bf352385f408c1120700f

CobaltStrike

d87c321887e33a1f90a29b21be81459835a725d9a056916b1cafaaacc06169f5

CobaltStrike

e5c5c9d753512a626d7bc4e6a14191b3db75290da5046b7d4d5fd4acc2ed3460

CobaltStrike

ef0116d9f61a26ad233dc3edc1990eb6c83b0398a593c65ef19f106008892eee

CobaltStrike

+ 38 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/174123/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample