MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7e2bc2c52d0b57ed7a2d11fa822ef5520559876b7c55f3f38cf8ef62d6ee544. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	e7e2bc2c52d0b57ed7a2d11fa822ef5520559876b7c55f3f38cf8ef62d6ee544
SHA3-384 hash:	da13d6ebdd4f856b7824284d64003024e9fb2ae45585f32cb59610a8de2bb2556c7e9dfd6d0b9fa99a5e7c8a639d81a2
SHA1 hash:	07a638168c36e9df38de6aeb1e8e5c62b737ccb7
MD5 hash:	f7c826afa46260b96e81d763a3ff6a21
humanhash:	tennis-minnesota-michigan-july
File name:	svchost.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	790'016 bytes
First seen:	2021-09-27 16:25:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	da6780f2ac1dcc5299d2c9883d4e2be3 (1 x CobaltStrike)
ssdeep	12288:pjC40sRD//p5i1buSxyXf+v7lW8XsQqaoRFYiFPW4J:BCINeBByXf474i7oR5FPW4J
Threatray	1'302 similar samples on MalwareBazaar
TLSH	T1A4F48D13F2E889B6D066933989D38A87E6727C645B3043C75280F73E2E776E15E39325
File icon (PE):
dhash icon	71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter	James_inthe_box
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

563

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

5b630ba4cb34c23c897084259ad3a00bf31a1e03b080ae7de5d58b5e0f1ebf08.xls

Verdict:

Malicious activity

Analysis date:

2021-09-27 16:01:18 UTC

Tags:

macros

Link:

https://app.any.run/tasks/da41e1a1-7df8-4d4b-a513-4de7a22e1dcb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/192199/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Connection attempt

Sending a custom TCP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/be533230-00c4-4ba5-9fae-75ef5d268e48

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/859173

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

System process connects to network (likely due to code injection or exploit)

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/e7e2bc2c52d0b57ed7a2d11fa822ef5520559876b7c55f3f38cf8ef62d6ee544/

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

1196cd7aca5d5576e3d142339e6d7fd9325f4210c6ae196065d766a1468da08c

1fe55fd200fa8953c2368a652dcf8c6c52756ceff2922fa3be265f6e46a844fa

24cf3b356d4acc1b6179d535a8aae85d52d53c926f2021fa9ae67b5f7fc37140

6880a560c6cc3dd49bdc94a90dcc8dc69e55a6d842e76bb0dff0038bad6a762f

9062e1a48d6531e8022521aebcecbe7913281c1dc282f3230c280f72cf5fca49

97fbb35c5073af391068712aa31992c2d6d174c8c297baef188d687fe6f4fd62

cf0a85f491146002a26b01c8aff864a39a18a70c7b5c579e96deda212bfeec58

cf1043d00d87887f92a59e86296d1b7acaf37ccb33e9d2ce1f3c40d669de8ed5

+ 1'292 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/210927-txjxsahecp/

Behaviour

Suspicious use of SetWindowsHookEx

Cobaltstrike

Malware Config

C2 Extraction:

http://datacdn.cloud:443/Compare/aol/BEERMBB2KT

Unpacked files

SH256 hash:

e7e2bc2c52d0b57ed7a2d11fa822ef5520559876b7c55f3f38cf8ef62d6ee544

MD5 hash:

f7c826afa46260b96e81d763a3ff6a21

SHA1 hash:

07a638168c36e9df38de6aeb1e8e5c62b737ccb7

Link:

https://www.unpac.me/results/d5428f21-5950-4eb0-bdef-5a140f7e6b19/

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e7e2bc2c52d0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e7e2bc2c52d0b57ed7a2d11fa822ef5520559876b7c55f3f38cf8ef62d6ee544

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/192199/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample