YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 6796f19e369889be95d6f784536447faffd0e45967627d78077ce702741ed312.
Scan Results
| SHA256 hash: | 6796f19e369889be95d6f784536447faffd0e45967627d78077ce702741ed312 | |
|---|---|---|
| File size: | 19'456 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | d4aa29575d62a2b48767b576f43e071b | |
| SHA1 hash: | 9a695aca1b4761069d54ffbbd5eca05cfe8003c9 | |
| SHA3-384 hash: | fe4f124029620ae24d49acc080afbe2e3f33921c8f782328deb77c4bbf31a62a66c4efff3481ea38b8fff8f4917ae651 | |
| First seen: | 2024-10-18 05:10:32 UTC | |
| Last seen: | 2024-10-18 05:15:02 UTC | |
| Sightings: | 2 | |
| imphash : | 147442e63270e287ed57d33257638324 | |
| ssdeep : | 192:lV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/28UWq27LXWF8qa1Dojjgi:HqaCF31cix+Dc4zjsWq2+FF46gi | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
You can browse the 10 most recent tasks associated with this file blow.
Task Information
| Task ID: | eda9eb2d-8d0f-11ef-b6ec-42010aa4000b | |
|---|---|---|
| File name: | 6796f19e369889be95d6f784536447faffd0e45967627d78077ce702741ed312 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Countermeasure.LoaderWinGeneric-9804845-2 |
|---|
| Signature: | Win.Trojan.CobaltStrike-7899871-1 |
|---|
| Signature: | Win.Trojan.CobaltStrike-9044898-1 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | pe_detect_tls_callbacks |
|---|---|
| Author: | |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | win_cobaltstrike_pipe_strings_nov_2023 |
|---|---|
| Author: | Matthew @ Embee_Research |
| Description: | Detects default strings related to cobalt strike named pipes |
| TLP: | TLP:WHITE |
| Repository: | embee-research |
| Rule name: | Windows_Trojan_CobaltStrike_7f8da98a |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
No matches
Unpacked Files
The following files could be unpacked from this sample.
No unpacked files found
Task Information
| Task ID: | 4cb5a815-8d0f-11ef-b6ec-42010aa4000b | |
|---|---|---|
| File name: | d4aa29575d62a2b48767b576f43e071b | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Countermeasure.LoaderWinGeneric-9804845-2 |
|---|
| Signature: | Win.Trojan.CobaltStrike-7899871-1 |
|---|
| Signature: | Win.Trojan.CobaltStrike-9044898-1 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | pe_detect_tls_callbacks |
|---|---|
| Author: | |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | win_cobaltstrike_pipe_strings_nov_2023 |
|---|---|
| Author: | Matthew @ Embee_Research |
| Description: | Detects default strings related to cobalt strike named pipes |
| TLP: | TLP:WHITE |
| Repository: | embee-research |
| Rule name: | Windows_Trojan_CobaltStrike_7f8da98a |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter