MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 8


SHA256 hash: ee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c
SHA3-384 hash: 693b5cfb17df551624304e82e5e506ff3eb2e263e594852c3a96718ba9c167d1e336969bf4c990ddafb3adc5e9590a7f
SHA1 hash: 1380d7c44efde64f471ae70563372efe18f43026
MD5 hash: 7edf943ed251fa480c5ca5abb2446c75
humanhash: lion-friend-butter-carolina
File name: ee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c
Signature: CobaltStrike
File size: 1'737'728 bytes
First seen: 2021-05-28 13:04:07 UTC
Last seen: 2021-06-01 23:48:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 042c6b16f932b7d83d864033b4c9bf27 (1 x CobaltStrike)
ssdeep: 6144:T22r1g93MFP1WWgs+oht05tnCCRem/V9FkkKdKb+/++9GIyRv9QTaq+D/aYndvKF:T2+g9KzkoEtVcKb+/+EzD+7aJ
Threatray: 758 similar samples on MalwareBazaar
TLSH: 3A85AE03A35A3468F83795388452F718AF3F7D9213A15BBF025810795E237CAAE6DF91
Reporter: JAMESWT_WT
Tags: CobaltStrike NOBELIUM

Intelligence

File Origin
# of uploads: 3
# of downloads: 495
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c
Verdict: No threats detected
Analysis date: 2021-05-28 13:35:28 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: CobaltStrikeBeacon
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected CobaltStrike
Threat name: Win64.Trojan.CobaltStrike
Status: Malicious
First seen: 2021-05-26 01:15:00 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 19 of 47 (40.43%)
Threat level: 5/5

Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike botnet:1359593325 backdoor trojan
Behaviour
Modifies system certificate store
Blocklisted process makes network request
Cobaltstrike

Malware Config
C2 Extraction:
http://dataplane.theyardservice.com:443/jquery-3.3.1.min.woff2
http://cdn.theyardservice.com:443/jquery-3.3.1.min.woff2
http://static.theyardservice.com:443/jquery-3.3.1.min.woff2
http://worldhomeoutlet.com:443/jquery-3.3.1.min.woff2
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments