MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f72550c99a297558235caa97d025054f70a276283998d9686c282612ebdbea0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 5



SHA256 hash: 2f72550c99a297558235caa97d025054f70a276283998d9686c282612ebdbea0
SHA3-384 hash: 810abeaf8c31d2d7048afcd853be4946a81516fa12589836f58890ade3feed32f35f72ad4be8555ee3576274c62d8753
SHA1 hash: b59c4ddc4e2d9bc806af0fb4fe4e80776382a4a9
MD5 hash: a445cda34b21a4926a5ace7acc610df2
humanhash: yellow-pip-river-colorado
File name: chikenchuchu123.exe
Signature: CobaltStrike
File size: 1'829'904 bytes
First seen: 2020-06-10 22:22:57 UTC
Last seen: 2020-06-10 22:41:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5d1567be81ee28757dff806dc586235b (1 x CobaltStrike)
ssdeep: 6144:2EGpBh8yGtiyB4RHrUzdyDwe3qF7pMkZs3wEC8IjSwwIr08jRgML2sloA:2EqdWiyB4ledkwqqF+kZT9BSwwItR9OA
Threatray: 69 similar samples on MalwareBazaar
TLSH: C1850684186ECE77B8D2B73EF195FE167911207940EFD0802DBCA1F97DE728A0D0A956
Reporter: James_inthe_box
Tags: CobaltStrike, exe

Code Signing Certificate

Organisation: TMFZUDNLMDSVGTALOW
Issuer: TMFZUDNLMDSVGTALOW
Algorithm: sha1WithRSA
Valid from: Jun 8 19:53:35 2020 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: 0EA453C1C3A5B1B24B75D38E41B75CC6
Thumbprint algorithm: SHA256
Thumbprint: 72103AEC72BA88E776DAEAB5099072EA97D80A19B4F79D3C317825FFF517C3C6
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Ransomware.Wasted
Status: Malicious
First seen: 2020-06-10 01:03:19 UTC
File type: PE (Exe)
AV detection: 37 of 48 (77.08%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour: Cobaltstrike
Malware Config
C2 extraction: http://consultane.com:443/jquery-3.3.1.min.js
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other
