MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5
SHA3-384 hash:	71410344198f97149b86f885665cc0db1ce608d60c1201df3df1afbeee102f209bc518d231d0f5dc27d793b63b028b1a
SHA1 hash:	5846d7f4a3ef52788433f2295fe5afb5d949ee28
MD5 hash:	c985cc99d7a53b3c482ea84354f378f8
humanhash:	dakota-angel-uniform-vermont
File name:	d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	57'344 bytes
First seen:	2020-08-28 13:18:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	768:qD45BZfSQpKtj66kh0s5C4u2Hr7ccfk8neR36qhv6G8kmZsLaQ:0CSQpkzcbIInFeR31S7BUX
Threatray	79 similar samples on MalwareBazaar
TLSH	58437B443BE9DE63D66C9B3B289F43096738E245FB4BF78BD54606690D423E8B940E13
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Ispy

Link:

https://www.capesandbox.com/analysis/52339/

Detection(s):

SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching a process

Creating a file

Sending an HTTP GET request

Unauthorized injection to a system process

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/453543

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-15 23:10:06 UTC

File Type:

PE (.Net Exe)

Extracted files:

2

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=3ggctbd6usq2zpbq7fpn4gdvtwps5u2d3wm5qwsuf367ep6us7sq._file

Verdict:

malicious

Similar samples:

203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22

5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544

888750cee6858ec2c6131628caa562be26b1c65ecaeff4addcbf73a456c99517

8a148932d87847341a5cc3e93ba144ea1332229a4334a951449b7458169533bc

951cf534559a88818ccf0aa18e0b771a9e8159f40ecba9c58ceb5ba720859af8

a0bf02f7dd4044543ecaf4df5b150e945ac719f0a9899ffafd11f641de1acf2b

c83163a6e61b2bf3852b426f8ccccac4044d57b2b4514125624632e836f51660

f15491b940bdf60bc4e906b0c333ea3f7a7f38079a906b80a212901eb5ce0152

fde61e7e31794b93f99bc6e1a99c64debde2e6f982e7f385a7a6b1be41feb14c

ff086b18973ef9d1075c1a5ca6867382566e2d6e4bd4df444eefdb3f8745f454

+ 69 additional samples on MalwareBazaar

Result

Malware family:

metasploit

Score:

10/10

Tags:

trojan backdoor family:metasploit

Link:

https://tria.ge/reports/200828-th9vtqgnlj/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

MetaSploit

Malware Config

C2 Extraction:

http://104.233.224.237:4389/vv79

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/52339/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample