MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2c2d8aab3b2c72e34767d16ee029a09035851b9aa6773ca5d83804aa2cfe911. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 7

SHA256 hash: c2c2d8aab3b2c72e34767d16ee029a09035851b9aa6773ca5d83804aa2cfe911
SHA3-384 hash: 6717caca42c5f23f107bc0ecb6c01e0aef384f7fa6343096ad57a19f061336566bc350032a238dd9f6190936897203e9
SHA1 hash: 718b574161670acf2ef1db8b972efb7ccd74a8da
MD5 hash: 9425a3ee7ac2803b7fd85e6ac108fbcc
humanhash: nevada-green-sink-maine
File name: c2c2d8aab3b2c72e34767d16ee029a09035851b9aa6773ca5d83804aa2cfe911
Signature: CobaltStrike
File size: 638'976 bytes
First seen: 2021-04-20 07:28:14 UTC
Last seen: 2021-04-28 16:07:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f3c207626c0b70e7b5f0a4751e3eb597 (2 x CobaltStrike)
ssdeep: 12288:gt8hPLyA6Wm8K4aZpIstP/cK2lpgaB52jED3JN63:5hPjuDtHS//3O3
Threatray: 697 similar samples on MalwareBazaar
TLSH: 04D4122373E070F9E5738736C2650949D7B2BC754B219B8F07A446A62E573A10E3EF62
Reporter: Anonymous
Tags: CobaltStrike
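An added Python example, not code from MalwareBazaar or from the sample, showing how the identifiers listed above are derived. The four cryptographic digests are plain hashlib calls over the file bytes and can be used to confirm that a file on disk is the entry's sample. The imphash is the MD5 of the lowercased, comma-joined "dll.function" import list taken in import-table order (the algorithm pefile's get_imphash implements), which is why it is shared by samples built with the same toolchain and import layout ("2 x CobaltStrike" here) and why it is trivial for an author to change by adding one import. The import table below is constructed for illustration and is not this sample's; ordinal handling is simplified (pefile first resolves well-known ws2_32/oleaut32 ordinals to names), so its value is not expected to equal the entry's imphash.

```python
import hashlib

# Hashes copied from this MalwareBazaar entry.
ENTRY_HASHES = {
    "sha256": "c2c2d8aab3b2c72e34767d16ee029a09035851b9aa6773ca5d83804aa2cfe911",
    "sha3_384": "6717caca42c5f23f107bc0ecb6c01e0aef384f7fa6343096ad57a19f061336566bc350032a238dd9f6190936897203e9",
    "sha1": "718b574161670acf2ef1db8b972efb7ccd74a8da",
    "md5": "9425a3ee7ac2803b7fd85e6ac108fbcc",
}
ENTRY_IMPHASH = "f3c207626c0b70e7b5f0a4751e3eb597"


def file_hashes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_entry(data: bytes) -> dict:
    """Return {hash_name: bool} saying which of the entry's hashes these bytes match."""
    computed = file_hashes(data)
    return {name: computed[name] == value for name, value in ENTRY_HASHES.items()}


# imphash: each import becomes "<module>.<function>" in lowercase, with a
# .dll/.ocx/.sys extension stripped from the module name and unnamed imports
# rendered as "ord<N>"; the strings are joined with commas in import-table
# order and MD5-hashed. Order matters, so reordering imports changes the hash.
IMPHASH_EXTENSIONS = ("dll", "ocx", "sys")


def imphash_string(imports) -> str:
    """Normalise an import table [(dll, name_or_ordinal), ...] to the imphash input."""
    parts = []
    for dll, symbol in imports:
        libname = dll.lower()
        base, _, ext = libname.rpartition(".")
        if base and ext in IMPHASH_EXTENSIONS:
            libname = base
        if isinstance(symbol, int):
            # Simplification (assumption): pefile resolves known ws2_32 and
            # oleaut32 ordinals to names before falling back to "ordN".
            funcname = f"ord{symbol}"
        else:
            funcname = symbol.lower()
        parts.append(f"{libname}.{funcname}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as pefile.get_imphash() computes it."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed import table for illustration only; not the sample's real imports.
EXAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("WS2_32.dll", 23),  # ordinal import, rendered as ord23 here
    ("ADVAPI32.dll", "CryptAcquireContextA"),
]

if __name__ == "__main__":
    print("imphash input :", imphash_string(EXAMPLE_IMPORTS))
    print("imphash       :", imphash(EXAMPLE_IMPORTS))
    print("matches entry :", imphash(EXAMPLE_IMPORTS) == ENTRY_IMPHASH)
```

To check a file against the entry, read it as bytes and pass it to matches_entry; all four flags should be True for the genuine sample, and a mismatch in only one of them indicates a transcription error rather than a different file.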

Intelligence


File Origin
# of uploads: 3
# of downloads: 583
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: c2c2d8aab3b2c72e34767d16ee029a09035851b9aa6773ca5d83804aa2cfe911
Verdict: No threats detected
Analysis date: 2021-04-20 07:33:54 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness: n/a
Behaviour:
DNS request
Sending a UDP request
Sending a custom TCP request

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj
Score: 72 / 100
Signature:
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour:
Behavior Graph: Gathering data

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour:
Modifies system certificate store
Cobaltstrike

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



accidentalrebel commented on 2021-04-20 08:06:37 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
1) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
2) [B0030.002] Command and Control::Receive Data
3) [B0030.001] Command and Control::Send Data
4) [C0011.001] Communication Micro-objective::Resolve::DNS Communication
5) [C0002.003] Communication Micro-objective::Send Request::HTTP Communication
6) [C0003.002] Communication Micro-objective::Connect Pipe::Interprocess Communication
7) [C0003.001] Communication Micro-objective::Create Pipe::Interprocess Communication
8) [C0003.004] Communication Micro-objective::Write Pipe::Interprocess Communication
9) [C0001.009] Communication Micro-objective::Initialize Winsock Library::Socket Communication
10) [C0001.006] Communication Micro-objective::Receive Data::Socket Communication
11) [C0001.007] Communication Micro-objective::Send Data::Socket Communication
12) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
13) [C0028.002] Cryptography Micro-objective::RC4 KSA::Encryption Key
14) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
15) [C0019] Data Micro-objective::Check String
16) [C0026.001] Data Micro-objective::Base64::Encode Data
17) [C0051] File System Micro-objective::Read File
18) [C0052] File System Micro-objective::Writes File
19) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
20) [C0040] Process Micro-objective::Allocate Thread Local Storage
21) [C0038] Process Micro-objective::Create Thread
22) [C0041] Process Micro-objective::Set Thread Local Storage Value
23) [C0018] Process Micro-objective::Terminate Process
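An added Python example, not part of the comment above nor of the mbcscan tool it cites, for turning mbcscan's "N) [ID] Objective::...::Behavior" lines into structured records: it splits the MBC identifier into its parent behavior/micro-objective ID and method suffix, keeps the "::"-separated path, and groups the IDs by top-level objective so they can be attached to a sample as tags. The input below is a constructed subset of the lines quoted in the comment.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the mbcscan lines quoted above.
MBC_LINES = """\
0) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
1) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
2) [B0030.002] Command and Control::Receive Data
4) [C0011.001] Communication Micro-objective::Resolve::DNS Communication
12) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
"""

# "<n>) [<letter><4 digits>[.<3 digits>]] <segment>::<segment>..."
MBC_LINE = re.compile(
    r"^\s*\d+\)\s+\[(?P<id>[A-Z]\d{4}(?:\.\d{3})?)\]\s+(?P<path>.+?)\s*$"
)

# MBC ID prefixes: B = behavior, C = micro-objective (the only two on this page).
ID_KINDS = {"B": "behavior", "C": "micro-objective"}


def parse_mbc_line(line: str):
    """Parse one mbcscan output line; return None for lines that do not match."""
    m = MBC_LINE.match(line)
    if not m:
        return None
    full_id = m.group("id")
    parent, _, method = full_id.partition(".")
    segments = m.group("path").split("::")
    return {
        "id": full_id,
        "parent": parent,            # e.g. B0001 for B0001.032
        "method": method or None,    # e.g. "032", None when no method suffix
        "kind": ID_KINDS.get(full_id[0], "other"),
        "objective": segments[0],
        "path": segments[1:],        # remaining "::" components, in order
    }


def parse_mbc(text: str) -> list:
    """Parse every matching line of an mbcscan listing, skipping headers and rules."""
    return [r for r in (parse_mbc_line(l) for l in text.splitlines()) if r]


def group_by_objective(records: list) -> dict:
    """Map each top-level objective to the MBC IDs observed under it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["objective"]].append(rec["id"])
    return dict(groups)


if __name__ == "__main__":
    for objective, ids in group_by_objective(parse_mbc(MBC_LINES)).items():
        print(f"{objective}: {', '.join(ids)}")
```

The regex deliberately requires the "N) [ID]" prefix, so the "====" rule lines and the "MBC behaviors list" header are dropped rather than mis-parsed; the parent ID is what you would pivot on when comparing samples, since method suffixes vary between builds more than the behavior itself does.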