MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cobalt Strike

Vendor detections: 13

Intelligence 13 IOCs YARA 8 File information Comments

SHA256 hash:	da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b
SHA3-384 hash:	ca63140684ea651b5212ab4165818efd4c7d1a4d7add50a9a18893cbecc05cb179220d747b6ae5dfb04c11fdb0145799
SHA1 hash:	43e2d3e7a3cfefa7b09199bc3940d533b91ee17a
MD5 hash:	ba02ed68bee9df68394ce05df073c84c
humanhash:	stairway-video-earth-echo
File name:	深信服财务审计相关资料.exe
Download:	download sample
Signature	Cobalt Strike Create hunting rule
File size:	1'331'584 bytes
First seen:	2026-02-24 10:06:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4db688704a7a98f8d5bbc53c31602749 (1 x Cobalt Strike)
ssdeep	12288:oerLmeKBbwwn5o9SjBZXiTodUvEB61MSjcj/C9nH:oGKBbNocicdOEB6KSjcj/kH
Threatray	17 similar samples on MalwareBazaar
TLSH	T1FE554ED06BA6ACBAFB88B034A50049717D8EBEEAF5C211DE32EC751E167357544F4C28
TrID	45.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 18.0% (.EXE) Win64 Executable (generic) (6522/11/2) 13.9% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.6% (.ICL) Windows Icons Library (generic) (2059/9) 5.6% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	Joker
Tags:	Cobalt Strike exe

Intelligence

File Origin

# of uploads :

# of downloads :

137

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

6ff16617_.exe

Verdict:

Malicious activity

Analysis date:

2026-02-24 10:09:36 UTC

Tags:

xor-url generic

Link:

https://app.any.run/tasks/7419b701-aa9e-48c1-ad3a-6bbe9244ca30

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/54410/

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=699d78238fffa866e3b18d86

Tags:

ransomware injection obfusc

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Connection attempt

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

adaptive-context anti-debug installer-heuristic mingw overlay packed rozena

Link:

https://www.filescan.io/uploads/699d781e97feb4afd6566cd3/reports/07a339bd-7277-465c-bff8-bcf505c8af3f/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b

Verdict:

Malicious

File Type:

exe x64

Detections:

Trojan.Win64.Cobalt.sb

Link:

https://opentip.kaspersky.com/da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ba962b37-5108-4452-963c-82c0086a51eb

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/ba02ed68bee9df68394ce05df073c84c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b/

Verdict:

Malicious

Threat:

Family.COBALTSTRIKE

Link:

https://tip.neiki.dev/file/da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b

Threat name:

Win64.Malware.Heuristic

Status:

Malicious

First seen:

2026-02-24 10:07:17 UTC

File Type:

PE+ (Exe)

Extracted files:

159

AV detection:

6 of 24 (25.00%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3kgih2xbcndvsrnjvmqxvtykg5pwsdr5uaqf73pw6oyxns476rnq._file

Verdict:

malicious

Label(s):

cobaltstrike

Cobalt Strike

5267fff6399de9a9b8f1901e7596b641647a1fb6a542b391928c349074b34f6e

Cobalt Strike

5bcef00c270c39cbe34fab65226ca6e442e99dc4e0d42e6a5c1039c105ffa95f

Cobalt Strike

64db468d9c3d860ef9f014b1b7020a1089249eb169220cc3bd3018f232b992aa

Cobalt Strike

9051482fcb1ac6c9f2c06d74ba2f1f964f35bdfd1a046be05b6f69e47ad84aa8

Cobalt Strike

da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b

Cobalt Strike

error

Cobalt Strike

+ 7 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 botnet:100000000 backdoor trojan

Link:

https://tria.ge/reports/260224-l494jsh15f/

Behaviour

Cobaltstrike

Cobaltstrike family

Malware Config

C2 Extraction:

http://154.221.21.196:8443/jquery-3.3.1.min.js

Unpacked files

SH256 hash:

da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b

MD5 hash:

ba02ed68bee9df68394ce05df073c84c

SHA1 hash:

43e2d3e7a3cfefa7b09199bc3940d533b91ee17a

Link:

https://www.unpac.me/results/7616e57e-5521-407d-9fd6-9f2fea97d5c7/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/da8c83eae113/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/da8c83eae113475945a9ab217acf0a375f690e3da0205fedf6f3b176cb9ff45b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/54410/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample