MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4afc259d1032bf4ac6db0092d7b364fb11458a4c2100aa2606df6d81e5d5122. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4afc259d1032bf4ac6db0092d7b364fb11458a4c2100aa2606df6d81e5d5122
SHA3-384 hash: 64da3da7fc6952a85a6b5162cd16afdcecf2b28eb5f6ff8f423a83147dc941a11e35e17127c95fc9a2a2121f95417249
SHA1 hash: 8503031bd2e0cbf9db1dde2cb8f4dba699cb8914
MD5 hash: 7edda525c176c63cac5444b6bc0f3921
humanhash: mississippi-grey-cat-beer
File name:SecuriteInfo.com.Generic.mg.7edda525c176c63c.14920
Download: download sample
File size:126'976 bytes
First seen:2020-06-19 12:40:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ac2870c4a86dec340499b35cc0abe067
ssdeep 1536:I0nrseIVwYTeoDjBeqNrXCi2KOTz/Cjj7a3Ls88hpJS3Oq8c+jBSQOkaJOFuWxXB:IT7VwYqyjQGrU/GKtZArOllq
Threatray 117 similar samples on MalwareBazaar
TLSH 32C3D036E303FE32D9F252FEB189091926051E3C97D416C726D40EF9A1382D2FA75693
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9551/
Detection(s):
SecuriteInfo.com.Generic.mg.7edda525c176c63c.14920.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 09:50:31 UTC
File Type:
PE (Exe)
AV detection:
35 of 48 (72.92%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
03d9290dcdd5510be91d45eedf36f05c4303b5ca770cdd24f48c6111638ebdf2
118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1
1e71dc3af5e442e59405b35c615c28fe77bde3a2d0112d6634596b0b867e2e9a
308c427638d7aa1a48809ce6dc4125bbccc3f5730a602174baf886e61699ef4d
6a46de11b9ebaaa99cecd10012b7532e5d323d9ddf5bb25309f6fbf47f192fde
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1
b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18
ba516dbe1b2e00f3d4e20a5b8b90ef9d7e0850ec82350f84aa6fe42583d5bd68
ee733f72d20ca6958e5c30d43285358dc489fc1540bbed07ffaecde0702cede6
+ 107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h2byshlf4e/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b4afc259d1032bf4ac6db0092d7b364fb11458a4c2100aa2606df6d81e5d5122

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/399084/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/9551/

Comments