MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f
SHA3-384 hash:	c3aa8b926e1d118c23022dd71f78950cc7a1e671814328b82a8570fede1e3d2406c2e9f36be5313463d79d883ffe0977
SHA1 hash:	a0ccb227c6450eab38a821e45dcfd4d3ad8296eb
MD5 hash:	16057a5b83e5b67e8294c3ffd5fb7cab
humanhash:	video-burger-red-london
File name:	f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	1'368'064 bytes
First seen:	2020-07-28 14:48:28 UTC
Last seen:	2020-07-28 15:48:56 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	91802a615b3a5c4bcc05bc5f66a5b219 (18 x Glupteba, 6 x Rhadamanthys, 3 x CobaltStrike)
ssdeep	24576:lFpY2pfz80HS71oGLS4azoSuEUlSrARCCzwW7f:l7Tpfz80HSxoASro4VrARCt
Threatray	1'320 similar samples on MalwareBazaar
TLSH	E2554A837CE118BDD57DF27149A686A13633B86843337BC31E5465BA1A6AED07F2D320
Reporter	sysopfb1
Tags:	CobaltStrike golang

Intelligence

File Origin

# of uploads :

2

# of downloads :

121

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/33828/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.43447408.2283.2024.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/400619

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f/

Threat name:

Win64.Trojan.Shelma

Status:

Malicious

First seen:

2020-07-06 16:02:51 UTC

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

080ef9f0362e415d3292125aa97d460f0499b6bec9596e2e580aef1fd7576e07

347003b480671cccce2fdd442c8f3ed3503b6881c25c1aef70677813f6005df2

3b6d04d6b629c1bdab4f15b0aa0d1e7792078b21cf876ec4c630243de1b47ac3

4d71f1eab01045de9ae76ea248be7746bad70c12ad977eeb6e8f8e46bbce6395

9282d409b92e1ebf58829283933edea243f7ccf3b68456139986c7cb5949522d

a3c34cc5f8a13545a73b2a21512232e91dfef275a3cecb81215a5affb69709fb

ce83f302a60301e222c23e67a7525106d610c6231c23d747ad4263669c1c88c7

d54b73a94d481ee2917e42ba3d4ea3b70f368bb13cebf5b8824257907ac84ff1

e99cc027c77bed5c1414225e39093bde66c654a9adfcca9cb3ddafa266410aea

ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8

+ 1'310 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200728-t3bnvmqyss/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

WanaCrypt0r

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

X

https://twitter.com/sysopfb/status/1287824849302364164

Cape

Cape

https://www.capesandbox.com/analysis/33828/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample