YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash fa7069c48fd4cba1c91b1966f5372469d0ebe1f79a7ad07c1b78be791b26d40b.
Scan Results
| SHA256 hash: | fa7069c48fd4cba1c91b1966f5372469d0ebe1f79a7ad07c1b78be791b26d40b | |
|---|---|---|
| File size: | 520'029 bytes | |
| File download: | Original | |
| MIME type: | application/x-dosexec | |
| MD5 hash: | bada2cc2c11ea0184f7ab3670641e718 | |
| SHA1 hash: | f9f2c9856cd7ba00324a9c98571a48bce86decbe | |
| SHA3-384 hash: | 21582ad053f32dc470cec7ea7285e6729dd750ba8b6241c9294e3981297cbffd9304874aee4ead55713f3fe64a6c77df | |
| First seen: | 2024-12-09 09:37:59 UTC | |
| Last seen: | 2024-12-09 09:37:59 UTC | |
| Sightings: | 2 | |
| imphash : | 34e917a2766061fad09c7dd6f369c334 | |
| ssdeep : | 12288:3WBqf/qq3R5W8ZB4zmRzbaqI0f8lJQQF9:39f93PW8ZBS+zblIDaQ | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | 134313133333130e | |
Tasks
There are 2 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 4762dd8e-b611-11ef-a38e-42010aa4000b | |
|---|---|---|
| File name: | 260000.maaxx.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Trojan.Generic-10036401-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | cobalt_strike_tmp01925d3f |
|---|---|
| Author: | The DFIR Report |
| Description: | files - file ~tmp01925d3f.exe |
| Reference: | https://thedfirreport.com |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter
Task Information
| Task ID: | 475ef26e-b611-11ef-a38e-42010aa4000b | |
|---|---|---|
| File name: | 260000.maaxx.exe | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Win.Trojan.Generic-10036401-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | cobalt_strike_tmp01925d3f |
|---|---|
| Author: | The DFIR Report |
| Description: | files - file ~tmp01925d3f.exe |
| Reference: | https://thedfirreport.com |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | DebuggerCheck__API |
|---|---|
| Reference: | https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara |
| TLP: | TLP:WHITE |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter