YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash c11639fbd63daba3e041f54a6ba5fe6798e477a1ffd5f7f6c1d254f6abe9348d.
Scan Results
| SHA256 hash: | c11639fbd63daba3e041f54a6ba5fe6798e477a1ffd5f7f6c1d254f6abe9348d | |
|---|---|---|
| File size: | 213'091 bytes | |
| MIME type: | application/octet-stream | |
| MD5 hash: | 5f32502cd98d09674342a46b005ed180 | |
| SHA1 hash: | 6b9596307517a4291f520dafb2c336e0a4f17b5c | |
| SHA3-384 hash: | e4052ccf504ad77519d6ca0c7e87a2c86d3f3f5bd7a5247a87b754cb18343790bbe30f68b8d36b9ce23f7df42fb012c5 | |
| First seen: | 2026-04-12 17:01:02 UTC | |
| Last seen: | 2026-04-12 17:05:02 UTC | |
| Sightings: | 5 | |
| imphash : | n/a | |
| ssdeep : | 3072:1RqVlCcNxGwlph3HCPZ76U5dZXGxKQ7i+Pz0KmHRGzMyCAbn0WCrR6q1Oz7g6jb:1RM/xlybDXmKL+oTHQMrq16R6qU1b | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 5 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | befb529f-3691-11f1-bfeb-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Cobaltbaltstrike_Beacon_XORed_x86 |
|---|---|
| Author: | Avast Threat Intel Team |
| Description: | Detects CobaltStrike payloads |
| Reference: | https://github.com/avast/ioc |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 9b4dd14c-3691-11f1-bfeb-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Cobaltbaltstrike_Beacon_XORed_x86 |
|---|---|
| Author: | Avast Threat Intel Team |
| Description: | Detects CobaltStrike payloads |
| Reference: | https://github.com/avast/ioc |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 779226ce-3691-11f1-bfeb-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Cobaltbaltstrike_Beacon_XORed_x86 |
|---|---|
| Author: | Avast Threat Intel Team |
| Description: | Detects CobaltStrike payloads |
| Reference: | https://github.com/avast/ioc |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 5443555d-3691-11f1-bfeb-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Cobaltbaltstrike_Beacon_XORed_x86 |
|---|---|
| Author: | Avast Threat Intel Team |
| Description: | Detects CobaltStrike payloads |
| Reference: | https://github.com/avast/ioc |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 301250aa-3691-11f1-bfeb-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | Cobaltbaltstrike_Beacon_XORed_x86 |
|---|---|
| Author: | Avast Threat Intel Team |
| Description: | Detects CobaltStrike payloads |
| Reference: | https://github.com/avast/ioc |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.