MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3cd38ef21032f1410a496a7ca71239619a8d9aa289e70f05f42893def8129e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	c3cd38ef21032f1410a496a7ca71239619a8d9aa289e70f05f42893def8129e0
SHA3-384 hash:	8e1a6c466a99e2dfb222c4dc97ebd43f1ef1e71ffd12986cb1df51fc2bcc66d9b65d6ea69a190a4fb1f6f31cf3dc4f77
SHA1 hash:	9b67d52af34f7d78240337172e8071b46d0f5235
MD5 hash:	57cade29a36409ef56878132d8be4f8d
humanhash:	saturn-minnesota-white-autumn
File name:	SecuriteInfo.com.Generic.mg.57cade29a36409ef.16529
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	499'200 bytes
First seen:	2020-11-12 13:46:29 UTC
Last seen:	2024-07-24 21:14:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	336a79477e6c3dc5c3e10256c7261509 (3 x CobaltStrike)
ssdeep	12288:tqQqTJLUz3ZFKeC97zTyIE8ponldk7rAs:qTJLIpFKz7aN8elGrA
Threatray	636 similar samples on MalwareBazaar
TLSH	5BB4F25B73A500BBE166A234C5530A12E777BCA50B259B9F138842AB0F773D18D7FB60
Reporter	SecuriteInfoCom
Tags:	Cobalt Strike

Intelligence

File Origin

# of uploads :

3

# of downloads :

65

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Generic.mg.57cade29a36409ef.16529.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c3cd38ef21032f1410a496a7ca71239619a8d9aa289e70f05f42893def8129e0/

Threat name:

Win64.Ransomware.Wacatac

Status:

Malicious

First seen:

2020-11-05 00:31:19 UTC

File Type:

PE+ (Dll)

Extracted files:

1

AV detection:

19 of 48 (39.58%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

00c59c0d8af0256ef1e4dabc474a53b85bebb24e791e19cc8a577559a38d4bd1

260ebbf392498d00d767a5c5ba695e1a124057c1c01fff2ae76db7853fe4255b

2af42a2047b16f2dea0038365058a8d8b7f71152117c371ce7f593e47aa785d1

3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443

49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a

5d788fe9005c1db5c67e38ec338c023856c8d71f20e137020fbc292e216d3997

9c3b7ba8d375f19993312a6ac20418e0d107d73b30d585e9ad3646e150ff7c5a

a8241398b22ba3745b460a7a0c39cb9a86ca258b9283901d42e8dab283acb39b

bf9b98c2b8e313967028e6ba8760d9a23f6b93036b5f85631494e870a90af779

ec50240df30bcbc5ece80e6a6702b7230b81e68b712083f01a5780761693c5ae

+ 626 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201112-ln9y39vp1j/

Unpacked files

SH256 hash:

c3cd38ef21032f1410a496a7ca71239619a8d9aa289e70f05f42893def8129e0

MD5 hash:

57cade29a36409ef56878132d8be4f8d

SHA1 hash:

9b67d52af34f7d78240337172e8071b46d0f5235

Link:

https://www.unpac.me/results/1637f083-6085-4769-b7af-d75910c41f08/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c3cd38ef21032f1410a496a7ca71239619a8d9aa289e70f05f42893def8129e0

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/810250/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample