MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4ff632696ec6e406388e1d42421b3cd3b5f79dcb2df67e2022d961d5f5a9e78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c4ff632696ec6e406388e1d42421b3cd3b5f79dcb2df67e2022d961d5f5a9e78
SHA3-384 hash:	a12df5c595b03c54314e310c8c11b984fa44def2f29cd7db5494a06e409a83fbc7fcda807985454747930a8aa0bd78de
SHA1 hash:	95227f426d8c3f51d4b9a044254e67a75b655d6a
MD5 hash:	8ece22e6b6e564e3cbfb190bcbd5d3b9
humanhash:	colorado-orange-cold-five
File name:	c4ff632696ec6e406388e1d42421b3cd3b5f79dcb2df67e2022d961d5f5a9e78.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	284'160 bytes
First seen:	2021-06-01 23:54:41 UTC
Last seen:	2021-06-02 01:15:23 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	bfdc3c80c56a38472bdbb1c4998142b4 (1 x CobaltStrike)
ssdeep	6144:LUeZMRpbWn2Qsb57etoPnhoHCPlSHm5kvnnnn28vyd37:LUXnuEt7eOPnhoiPl6m5kvnnnJvw
Threatray	425 similar samples on MalwareBazaar
TLSH	8854C00665E0CD30DE6A0F770B71DBE31D2EE6F2EAE44984E64B8E5F16300416C75AB5
Reporter	Arkbird_SOLG
Tags:	CobaltStrike dll iso NOBELIUM

Intelligence

File Origin

# of uploads :

2

# of downloads :

485

Origin country :

n/a

Vendor Threat Intelligence

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/163905/

Detection(s):

SecuriteInfo.com.Trojan.Agent.FILB.21919.21060.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c4ff632696ec6e406388e1d42421b3cd3b5f79dcb2df67e2022d961d5f5a9e78/

Threat name:

Win32.Trojan.CobaltStrike

Status:

Malicious

First seen:

2020-12-09 02:30:23 UTC

AV detection:

28 of 47 (59.57%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

06a2955307b8c26009b441754df7d0c94d3a913b0644a3c8779f592648dd1a0c

0adcf0b5e5216f4ac6fe82d4e2c7e351845cfaf6717552aaa0c80d643ee9f2ee

0c4cec40fce3e0e360abaab4009f10b3d709724f074883304b004c46f99c218e

10f982f456d963b82655b03b59a4ea4877832899067e14c96990b809c5767b72

27f9ac6bd41284e86f0199eba0e1d7ad3703d04e095b0c8ae8ccf850b32365ac

5351984d7eaf9464f27c202f94b6475ffb73904191c973d7c737a0f3cdfbde0e

7566ae70559b61077911e17564dd470be33abcf8e725352f546a731af43e5297

dbcb927d98301d49758b5a6e419e618acb92ecef3bef20c99374f5fde154eb1d

e46873324ee44e0f0b2b3ea745abe5f1b7875189bc04d9abc86330620ab97c51

f9593d758990b1ed70a1f537ca7aef8006753af1039768c8f1047a7319d1633d

+ 415 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:305419896 backdoor trojan

Link:

https://tria.ge/reports/210601-68nmqxjtne/

Behaviour

Suspicious use of WriteProcessMemory

Cobaltstrike

Malware Config

C2 Extraction:

http://hanproud.com:443/news_indexedimages_autrzd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c4ff632696ec6e406388e1d42421b3cd3b5f79dcb2df67e2022d961d5f5a9e78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/163905/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample