MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d
SHA3-384 hash: 190a9c28832bbc4a018e073afd8374dbe628918adfb0d58ac54e64e3318d80557769285d75efc83cd258043a939d9559
SHA1 hash: 7f1111170b8dfa40b40a920c118798e7637e8e9a
MD5 hash: e27be42b8e2e56d15adcab391974ccba
humanhash: fourteen-emma-avocado-fish
File name:e27be42b8e2e56d15adcab391974ccba.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:156'168 bytes
First seen:2021-02-24 15:40:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c7bd397771181510ed9dd92897ea74c5 (3 x CobaltStrike)
ssdeep 3072:mrW1+PlAoE3DqKQevDXHoX6zr/YRr4FfNN9KWOeQ175F7:ZWpETNQevzIX6zWrxeQ17v
Threatray 617 similar samples on MalwareBazaar
TLSH CBE3591B77A9B0E7E022897984550E09D733B8331761DB9F0360916E6E2BBD05E3DB71
Reporter abuse_ch
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
511
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e27be42b8e2e56d15adcab391974ccba.exe
Verdict:
No threats detected
Analysis date:
2021-02-24 15:46:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/eaca370a-cdb4-45f4-a1bd-e20e04ea10c7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Artemis.4780.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Changing a file
DNS request
Sending an HTTP GET request
Sending a UDP request
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/616914
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d/
Threat name:
Win64.Backdoor.Bazarloader
Create hunting rule
Status:
Malicious
First seen:
2021-02-19 15:06:44 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6jjjl7d5gq27qdzz4ybemxnckxxavtr5qrjrlwwiommhhlp7rfgq._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c
CobaltStrike
55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
CobaltStrike
6fc2d85f11a802fd6abca3bd24c3b97af10671772c884a743c6e623382cefd88
CobaltStrike
836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599
CobaltStrike
9a7d2b2c96ee9b7b0ddc1665988d935a719f04cdb2b2dd331ec36aa4f6597506
CobaltStrike
a93eb70cc4152e32cd3a39fda968b2da5ade48453927410a0d520f2d13223d11
CobaltStrike
ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8
CobaltStrike
cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c
CobaltStrike
e0952195d73431802bf22dad462b2fffda7ae4f4e384aad8e326b0c6404fb5bf
CobaltStrike
ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578
CobaltStrike
+ 607 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/210224-tsjktlslcj/
Behaviour
Modifies system certificate store
Cobaltstrike
Malware Config
C2 Extraction:
http://hdhuge.com:443/files/remove.gif
http://hdhuge.com:443/skin
Unpacked files
SH256 hash:
f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d
MD5 hash:
e27be42b8e2e56d15adcab391974ccba
SHA1 hash:
7f1111170b8dfa40b40a920c118798e7637e8e9a
Link:
https://www.unpac.me/results/e047c43a-9c26-49f1-bb09-2e51b2409b0e/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:megacortex_rietspoof
Create hunting rule
Author:jeFF0Falltrades

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments