MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 4



SHA256 hash: ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578
SHA3-384 hash: d5b572ecf325e02b2b8df98da3a8bc61eeb2b67af714d4c358f8fcee077f24f151606093d511850abb4192c1b1d2ffce
SHA1 hash: 0be71db06cb525f058fcf4da40b84f96f1304fb7
MD5 hash: 49d508847c6982fc16ef7ccef4a327bc
humanhash: freddie-wisconsin-california-delaware
File name: ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578.dll
Signature: CobaltStrike
File size: 167'144 bytes
First seen: 2020-10-22 07:33:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 85716ded6bc499a024ee212496869f7a (1 x CobaltStrike)
ssdeep: 3072:nLQi4gOlTtuFbYn4f8B0x5ecjFDZ4YE40nkat4tLJGPzswzpbR5:Ei4RlT+3f8+bTjRZlInx4tLJGPz/pbn
Threatray: 627 similar samples on MalwareBazaar
TLSH: 53F37D47339404B7D5BB9774CDA38905CB72B81246B0AB8F5794429AEF233D29E39732
Reporter: Anonymous
Tags: Cobalt Strike CobaltStrike NOSOV SP Z O O

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request

Threat name: Win64.Backdoor.CobaltStrikeBeacon
Status: Malicious
First seen: 2020-10-21 01:35:51 UTC

AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578
MD5 hash: 49d508847c6982fc16ef7ccef4a327bc
SHA1 hash: 0be71db06cb525f058fcf4da40b84f96f1304fb7

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments