YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash f5902ef25464d3231b3b731b7835c4e1fb8e6b3be62de42158a1e23668735e52.
Scan Results
| SHA256 hash: | f5902ef25464d3231b3b731b7835c4e1fb8e6b3be62de42158a1e23668735e52 | |
|---|---|---|
| File size: | 239'695 bytes | |
| MIME type: | application/octet-stream | |
| MD5 hash: | 7bd85d9577ad04f2fa17a846dba127d1 | |
| SHA1 hash: | 98cd73e7eea03414899e2a713005636ac09949fa | |
| SHA3-384 hash: | c11d85aeda0cff2f06a88abe5e57c86d753dc6e7799dff27f8eb07d2e13792d3da02e828bd5c3603789d9e58acdeef2f | |
| First seen: | 2026-04-01 17:02:03 UTC | |
| Last seen: | 2026-04-01 17:06:02 UTC | |
| Sightings: | 5 | |
| imphash : | n/a | |
| ssdeep : | 6144:Gly3zzSZMpspYt5ChAEYpPJPU8nnN0kCSvOlcowJAj:Gly3zzSZMG0T5nukCG8 | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 5 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 10438f69-2ded-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | ec4dc05b-2dec-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | c8f74c8f-2dec-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | a56df88a-2dec-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 81ddac1d-2dec-11f1-b47f-42010aa4000b | |
|---|---|---|
| File name: | 02.08.2022.exe | |
| Task parameters: | ClamAV scan: | True |
| | Unpack: | True |
| | Share file: | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | SecuriteInfo.com.BackDoor.Meterpreter.152.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CobaltStrike__Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| TLP: | TLP:WHITE |
| Repository: | GCTI |
| Rule name: | CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x |
|---|---|
| Author: | gssincla@google.com |
| Description: | Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x |
| Reference: | https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | malware_CobaltStrike_beacon |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | CobaltStrike encoding code |
| TLP: | TLP:WHITE |
| Repository: | JPCERTCC |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.