MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7a9310c100613e33934b5a510ab826a1a776386bb73540d346b70f37ed0a2a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7a9310c100613e33934b5a510ab826a1a776386bb73540d346b70f37ed0a2a4
SHA3-384 hash: d3ce11180b040c15fefbe3959e7f9ca909a3cf6afa6844235a987d2f37f0850a2f60257eb00e376c291f4da53bfc65d9
SHA1 hash: eb7c84eee39e7bdfa51bdabedd91ee4bb38fe326
MD5 hash: 8ccc051bbaf6dc9cb76bfea2bbd8f6d4
humanhash: quebec-foxtrot-bluebird-lactose
File name:8ccc051b_by_Libranalysis
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:407'040 bytes
First seen:2021-05-21 18:11:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 55f1b8805e560cf8cd4b68463a8f7407 (1 x CobaltStrike)
ssdeep 1536:qU89qNKrJfVNz76HRP6pHZLT5HM00HN0wrhPbXjweK5KkTTLJMOyAF/rCwq+X9:qQM99YeBeHN0wdjweKwKhMOyg/I+X
Threatray 266 similar samples on MalwareBazaar
TLSH 3884381DF725C816F5AF073048874E14A263A9A4AD215306D6C63DEC7CFE2C43F266A7
Reporter Libranalysis
Tags:CobaltStrike


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
508
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4683551968362496.zip
Verdict:
Malicious activity
Analysis date:
2021-05-21 16:53:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/28632233-e69a-47e1-b0ab-b3b83748d402

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Sending a UDP request
DNS request
Sending an HTTP GET request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/787545
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
PE file has nameless sections
Yara detected CobaltStrike
Yara detected Metasploit Payload
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7a9310c100613e33934b5a510ab826a1a776386bb73540d346b70f37ed0a2a4/
Threat name:
Win32.Ransomware.ContiCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-05-21 01:24:48 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y6utcdaqayj6gojuwwsrbk4cninhoy4gxnzvidjunnypg7wquksa._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
023cff6801f8909f19d3c66e3ad286f6bb84a6b4f518bfac3d44026318fa8775
CobaltStrike
064924bf49bd1809d90df0169eb6e354ce8f5b88100bb39b89460c480121fbeb
CobaltStrike
2df05a70d3ce646285a0f888df15064b4e73034b67e06d9a4f4da680ed62e926
CobaltStrike
350b0d6ae25e81c8394b119f4d569c083df8d17e6241d8efed0858cf91c745d7
CobaltStrike
3f9cf521bf11dfe1a5b6baebde88f8eaac8e851ed8bcf220109d081b4a3f0b6f
CobaltStrike
7f139e55e24e25c6544a78d48a04400430a3431830e694ee0946d90075ec2a9c
CobaltStrike
9bca97c3be5d93a9d10b1f1ed2a22db889e866e0ae5046ca7079c5c92eb09982
CobaltStrike
a2bcce439cb511eca635e14943b916e86a121c7062ac978437d2d080a54fff26
CobaltStrike
be96bc38c87f74d973cf9375370f42e5f9dc854d52e413dac6bc6bacc2a16a63
CobaltStrike
cf9f6a9389651599d4dd42b160643841cc1602b4dc4065ce4fbceaec0d8656d1
CobaltStrike
+ 256 additional samples on MalwareBazaar
Result
Malware family:
metasploit
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike family:metasploit botnet:1580103814 backdoor trojan
Link:
https://tria.ge/reports/210521-l3qsy48x6j/
Behaviour
Modifies system certificate store
Cobaltstrike
MetaSploit
Malware Config
C2 Extraction:
http://139.99.178.86:443/rpc
http://akabox.space:443/oLP/
http://139.99.178.86:443/oLP/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Conti
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7a9310c100613e33934b5a510ab826a1a776386bb73540d346b70f37ed0a2a4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments