MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaa5d52aa0f63bbef626bfa55ec1b4ee7445b1f080d9fc2178992a926166888a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	eaa5d52aa0f63bbef626bfa55ec1b4ee7445b1f080d9fc2178992a926166888a
SHA3-384 hash:	f9c7a293644a793f3d803e735114e30c4adc591786f1e0c267621c6a6f5468d6852e3fd6f0ec06aaaa9ef5dd292bcf38
SHA1 hash:	dd5877065cecaeaca9d5fe13a6d09362ab0ab4fa
MD5 hash:	f5f76b6e5009f77aeaa1caa904a3042f
humanhash:	india-avocado-white-helium
File name:	eaa5d52aa0f63bbef626bfa55ec1b4ee7445b1f080d9fc2178992a926166888a
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	27'651 bytes
First seen:	2020-08-31 13:09:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e27c058ef43603ed4efd2b6bca49da8b (1 x CobaltStrike)
ssdeep	384:2s6nWTV1KaMfWhvrsBCUANqpwL+KkObuZlwRRLmhey0y0TF5VjL84:23na35vrsuY5O5K0yqF5Vn
Threatray	79 similar samples on MalwareBazaar
TLSH	07C2D587BA86C4B6C51084779833AA716727FC106E5D4F0B37E4BB8E6C352A46F0175C
Reporter	JAMESWT_WT
Tags:	101.132.33.79 CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

85

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/53561/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending an HTTP GET request

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/455513

Signature

Antivirus / Scanner detection for submitted sample

Found potential dummy code loops (likely to delay analysis)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/eaa5d52aa0f63bbef626bfa55ec1b4ee7445b1f080d9fc2178992a926166888a/

Threat name:

Win32.Trojan.Swrort

Status:

Malicious

First seen:

2018-12-27 23:56:35 UTC

File Type:

PE (Exe)

Extracted files:

8

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5ks5kkva6y5355rgx6sv5qnu5z2elmpqqdm7yilytevjeylgrcfa._file

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22

2bce6eb2839569ba077e24468259aa2678677275c632a0d276dcb14566cc6fcf

39d7474b63ada6e1a6d60bf32680e06a5265f88439942a37f8be3f668b78c2b2

888750cee6858ec2c6131628caa562be26b1c65ecaeff4addcbf73a456c99517

951cf534559a88818ccf0aa18e0b771a9e8159f40ecba9c58ceb5ba720859af8

a0bf02f7dd4044543ecaf4df5b150e945ac719f0a9899ffafd11f641de1acf2b

c116950f9ffd9a40a5b2d139311118bbbde55e751d5c2af99814a801f6236be2

d98c29847ea4a1acbc30f95ede18759d9f2ed343dd99d85a542efdf23fd497e5

f15491b940bdf60bc4e906b0c333ea3f7a7f38079a906b80a212901eb5ce0152

fde61e7e31794b93f99bc6e1a99c64debde2e6f982e7f385a7a6b1be41feb14c

+ 69 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

trojan backdoor family:cobaltstrike

Link:

https://tria.ge/reports/200831-ewjfxaw28x/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://101.132.33.79:4527/jquery-3.3.1.min.js

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/eaa5d52aa0f63bbef626bfa55ec1b4ee7445b1f080d9fc2178992a926166888a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/53561/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample