YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 0965eb5e36d48c62f02ef50f71ba8b9ca0ba8f2e1d0ec487eb4bb4128e3b17c4.
Scan Results
| SHA256 hash: | 0965eb5e36d48c62f02ef50f71ba8b9ca0ba8f2e1d0ec487eb4bb4128e3b17c4 | |
|---|---|---|
| File size: | 213'053 bytes | |
| MIME type: | application/octet-stream | |
| MD5 hash: | 9b87499c13f316640e4cefd54b47107b | |
| SHA1 hash: | c83103dfe848c67437e2c21fbf7fb42d5ecac1f6 | |
| SHA3-384 hash: | 16d5c4f0510c24808038507161f60e5bef74eacd55addd85916a9040387940aee9753ad94c1a2c2d4f700b7939066882 | |
| First seen: | 2026-04-08 11:31:04 UTC | |
| Last seen: | 2026-04-08 11:34:02 UTC | |
| Sightings: | 4 | |
| imphash : | n/a | |
| ssdeep : | 6144:wnSh+JgX2IKGzWF8Eah4OlQP+pqkBOH6GgE+zPdmz:wnY3XXKLFQ6ik07Yczsz | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 4 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | d7d7be98-333e-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | b452ffd0-333e-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 908d185d-333e-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 6d9a8cac-333e-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.