MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a47264486c9f7480f11e63207b0c7e7bd762b389ef2be3e665db16a53b2dde1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	2a47264486c9f7480f11e63207b0c7e7bd762b389ef2be3e665db16a53b2dde1
SHA3-384 hash:	27ac08346176229c5ad4dbe61fe9576afbd1245f3eacc0e9e08227ffb33db6cbf0692064bf06b9ab6a5bf79ab18eec1a
SHA1 hash:	f242e10e056c20e19afafb178b1d79cf9e36b775
MD5 hash:	4427f30f91038cbeb9f33ddfffbbcdc7
humanhash:	zulu-high-don-eleven
File name:	4427f30f91038cbeb9f33ddfffbbcdc7.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	2'424'832 bytes
First seen:	2022-04-19 06:36:28 UTC
Last seen:	2022-04-20 10:23:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	26d6403761c2fe86e9b72043c35c3693 (1 x CobaltStrike)
ssdeep	49152:2S8w2FTZ03gwaehC6CJCRpiBk0UIW9S+PCotH3KIffwWrXtFEKnTFpdcEkpcz9LB:N8VaEKnTFEx6z9Uw
Threatray	362 similar samples on MalwareBazaar
TLSH	T158B5E593F6B251E8D8F6C0398B927627BD71B95583399BD3960086174B32FF0A93E740
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	abuse_ch
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

3

# of downloads :

672

Origin country :

n/a

Vendor Threat Intelligence

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/264502/

Detection(s):

SecuriteInfo.com.Variant.Lazy.168286.12256.27157.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Sending an HTTP GET request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/625e5895ffe27d5119088577/reports/377ffc26-3eda-417d-b6ef-739dd55a7d34/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cobalt Strike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f36865ee-7442-477c-9d65-d17e9dc86cf7

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/978648

Signature

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/2a47264486c9f7480f11e63207b0c7e7bd762b389ef2be3e665db16a53b2dde1/

Threat name:

Win64.Trojan.CobaltStrike

Status:

Malicious

First seen:

2022-04-16 12:40:54 UTC

File Type:

PE+ (Exe)

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

2a2edba07e82b994bae95816fd2b122c53af573ec88224434e18a4b4650aca7e

65b208943d8cf82af902c39400bdd7a26fdbc94c23f9d4494cf0a2ca51233213

929fb8f4c028bab8fcb5b1f89163abbfa088fadc9555efb5f6508e09d90d6654

9ca6449c0586a77c55586bcc7adfaef2c3cc53da4713c5ed57fced15a3054545

ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8

d1d0c9d1ee7b800d491c9fb3fc94b93e5c59d903a4debb092846c46481077ae0

d3ec1a84996a4443b146bfeeaded02eafe663af47b858adc650465f808498eb4

e70c965ae03c89538c94cc65ada5194c0b129a67e4c5f0eca728965ff4f831ae

+ 352 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/220419-hdggrschb7/

Behaviour

Modifies system certificate store

Cobaltstrike

Malware Config

C2 Extraction:

http://arentuk.com:443/jquery-3.3.1.min.js

Unpacked files

SH256 hash:

2a47264486c9f7480f11e63207b0c7e7bd762b389ef2be3e665db16a53b2dde1

MD5 hash:

4427f30f91038cbeb9f33ddfffbbcdc7

SHA1 hash:

f242e10e056c20e19afafb178b1d79cf9e36b775

Link:

https://www.unpac.me/results/56d00d70-9db4-43c7-a05d-ecb201884691/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2a47264486c9f7480f11e63207b0c7e7bd762b389ef2be3e665db16a53b2dde1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/264502/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample