MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e625da9aa862eef338511a40f5e1ea8b05b4782dcd57a695a1c23538cd461424. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e625da9aa862eef338511a40f5e1ea8b05b4782dcd57a695a1c23538cd461424
SHA3-384 hash:	c4db25ef6a0d12ab86aef2737731d4d778278239b7165a512ec96883bf14b3393dc0c44d28fe4549a27df8db225d9e51
SHA1 hash:	0749dc3618197d83b670b570b0704796db4316bf
MD5 hash:	1e9b560f810f97fbd5477204315f2891
humanhash:	glucose-fish-fourteen-stream
File name:	e625da9aa862eef338511a40f5e1ea8b05b4782dcd57a695a1c23538cd461424.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	71'496 bytes
First seen:	2021-05-31 11:17:41 UTC
Last seen:	2021-05-31 12:16:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d055a8b20d0c0a3404f130313f15e48f (2 x CobaltStrike)
ssdeep	1536:N97fms+ohth9VBV0Lxffk5xJ3k5ipioQ+YH:N9TmNohth9FAxf8dkQ2H
Threatray	162 similar samples on MalwareBazaar
TLSH	096374743624822EEC60A637D8BD81D87610B320979C6BF7921AE1369F5B5B1CC51CFE
Reporter	JAMESWT_WT
Tags:	1.A Connect GmbH CobaltStrike exe signed

Code Signing Certificate

Organisation:	1.A Connect GmbH
Issuer:	COMODO RSA Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2018-08-13T00:00:00Z
Valid to:	2022-08-13T23:59:59Z
Serial number:	a7e4ded4bf949d15aa4201843f1ab64d
Intelligence:	30 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:	This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:	SHA256
Thumbprint:	d519622e7d1eab2c240860d38779704319f1349cc57ab8c3d51d9f56145b582f
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

486

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

wsc_proxy.exe

Verdict:

No threats detected

Analysis date:

2021-04-16 09:37:51 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9ede0bab-5893-4295-802e-ee34ebe5ab7b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/163438/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46199581.15649.23828.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/794655

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e625da9aa862eef338511a40f5e1ea8b05b4782dcd57a695a1c23538cd461424/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2021-04-16 20:44:49 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

16 of 45 (35.56%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

3a226a3d31e8ba855fbc78efb76f820306f4f60e979333b241c7dadd70a5740d

CobaltStrike

a32e37ae08d6a723dff7313d96bc7e23fe9b7db18295e2916f3c935530329919

CobaltStrike

c380f48e3d649b6a44b05134108a8c79536f289240e9ed9135e35dadffb6c350

CobaltStrike

ca4b4b00239f166e04f394e397ce99d74129ca1917b8f95a92b8c722c9991832

CobaltStrike

d67758e9af27afd184165266c7aad94b9dd9c78d6266849c731f2a3b2cd40c09

CobaltStrike

d9330b86534b1b2285f6b39745490fdeafcca69d975302f06edb0e3ce1c744e7

CobaltStrike

dddf1d1b2b58721f04fe1eb77804d02fb5fc14deca7d8b4f6a9ce3c55644090e

CobaltStrike

e2aba4ac95ff3b89b59c43aa28d8df2e4875d4931dc81eab57f8ada4625ea712

CobaltStrike

ea3dcb24ae132149252ad1aba54c92317be45c3791f14007e94c1a7c509b3965

CobaltStrike

+ 152 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/210531-hgyng17bj6/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://27.221.30.57:443/jquery-3.3.2.2.slim.min.js
http://116.177.250.231:443/jquery-3.3.1.1.min.js
http://112.19.197.211:443/jquery-3.3.1.1.min.js
http://171.8.242.149:443/jquery-3.3.1.1.min.js

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.25

Link:

https://yomi.yoroi.company/submissions/e625da9aa862eef338511a40f5e1ea8b05b4782dcd57a695a1c23538cd461424

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/163438/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample