MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8
SHA3-384 hash:	3fead5ce6e740cf10445b7f757b93d2ede7cd34aee2bb245a18d56f5aab80129a2f92185c4e052fd0384ed33d1fed667
SHA1 hash:	8f02047a3b63669982623eaa0443fcc9ce01fb19
MD5 hash:	22d414f1d5e1b1f1acedd2a253786e58
humanhash:	mississippi-fillet-paris-floor
File name:	ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	17'920 bytes
First seen:	2020-08-28 13:18:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	17b461a082950fc6332228572138b80c (121 x CobaltStrike, 2 x Cobalt Strike)
ssdeep	192:ahA0TJAPyjLHY219R8C6wtQbYu2KmbxQ2C04kvWgepEt2rp9PFQj6EUbOHw7UvEB:QA0TJASPp6p/D43FvWgepB9e62wlBPf
Threatray	622 similar samples on MalwareBazaar
TLSH	9D820A7FB60668D8D12BD17CC9DE6772ACF27422017B671F1BB8C7302E219784A6D909
Reporter	JAMESWT_WT
Tags:	CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

91

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/52340/

Detection(s):

Win.Trojan.CobaltStrike-9044898-1

Win.Trojan.CobaltStrike-7899871-1

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

Sending a UDP request

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/453547

Signature

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8/

Threat name:

Win64.Backdoor.CobaltStrikeBeacon

Status:

Malicious

First seen:

2020-08-22 10:08:33 UTC

File Type:

PE+ (Exe)

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5qdbak7zgurlesx45dtwigqbqk2l6dctqykzt4rll3rfpli64lma._file

Verdict:

malicious

Similar samples:

080ef9f0362e415d3292125aa97d460f0499b6bec9596e2e580aef1fd7576e07

26760ca79ec85b46777cda948a746134b8513692075fbc17db7a553b24fd3482

2b37d1cc352523550bc54e25ed9d5c6f4924f597d006a854e5f4336f0251163e

3f6a83e5c484e9d495e3f29ffcedc2881690d54a7058e5c677e3feda66ed96fe

579dd063a1a7b901f985b190ddaf2f3cad1be5c135b01266a69d046ae247633c

86ecb5b31182eb2fd094398cbc5a7f3d20aa6a661a733294009d14cd7ba19224

8c406c19f6f0070a18debf72182fe877fc438e607d098f9fdaca59088ac4491b

9a56a2cd845b22c393ea8fba2a5467642181039aac3876082fe2a8d92adfae55

b688dd3b5c68db421a7a5d1cdd19ad7a847771c7f7ad33fe9a0f74e475428c83

dc6e2fe4208ef45c9131412de032c2b752425b5c0fc37dfecdbb2d0a0ea6263d

+ 612 additional samples on MalwareBazaar

Result

Malware family:

metasploit

Score:

10/10

Tags:

trojan backdoor family:metasploit

Link:

https://tria.ge/reports/200828-m3zakhd7ne/

Behaviour

MetaSploit

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/52340/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample