MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32d64cdf9b678df5db9840ad5fa1f94579360a688c68972463f111764d89823f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CobaltStrike


Vendor detections: 12



SHA256 hash: 32d64cdf9b678df5db9840ad5fa1f94579360a688c68972463f111764d89823f
SHA3-384 hash: 7a85fd2faabe52a2d7228fedbc840a5326c46767429c1969e9fbc30a6efcd6870a4e312ba8557e20f090431da597c5d8
SHA1 hash: 1afa7218c12261abbb5c573ac94878206f32a410
MD5 hash: c6ca04d31f5715229ff89bfbd16d0f7c
humanhash: whiskey-vermont-lion-mirror
File name: c6ca04d31f5715229ff89bfbd16d0f7c.exe
Signature CobaltStrike
File size: 1'281'536 bytes
First seen: 2023-12-25 16:15:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 4f2f006e2ecf7172ad368f8289dc96c1 (41 x SalatStealer, 40 x LummaStealer, 17 x CobaltStrike)
ssdeep 12288:rqoKJjlILLTb9DSyCC1HHxuTy2+9/i6kkkYsdQHRlBBN9QbDzdYb6Kax4/qP:G/J2RDSyCLf+3vZB0b/+mbx
TLSH T1D7553A077CD144BAD0BAA33689A261A1BA72BC590F3123C72E90B7783F76BD05E75744
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags: CobaltStrike exe


abuse_ch
None C2:
47.109.102.98:443

Intelligence


File Origin
# of uploads :
1
# of downloads :
495
Origin country :
NL
Vendor Threat Intelligence
Result
Verdict:
Malware
Behaviour
Searching for the window
Sending a custom TCP request
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
golang monero rozena
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Found malware configuration
Installs new ROOT certificates
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Yara detected CobaltStrike
Behaviour
Threat name:
Win64.Trojan.Rozena
Status:
Malicious
First seen:
2023-12-20 13:46:00 UTC
File Type:
PE+ (Exe)
AV detection:
19 of 23 (82.61%)
Threat level:
5/5
Verdict:
unknown
Result
Malware family:
cobaltstrike
Score:
10/10
Tags:
family:cobaltstrike backdoor trojan
Behaviour
Cobaltstrike
Malware Config
C2 Extraction:
http://47.109.102.98:443/M3cz
Unpacked files
SHA256 hash:
32d64cdf9b678df5db9840ad5fa1f94579360a688c68972463f111764d89823f
MD5 hash:
c6ca04d31f5715229ff89bfbd16d0f7c
SHA1 hash:
1afa7218c12261abbb5c573ac94878206f32a410
Malware family:
CobaltStrike
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
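The extracted beacon configuration above gives three concrete network indicators: the C2 host 47.109.102.98, TCP port 443, and the URI path /M3cz. Note that the extracted URL scheme is plain http on port 443, so a proxy or IDS that logs the request will see the URI in cleartext. The script below, an added example that is not part of this MalwareBazaar entry nor of any vendor sandbox, scans a constructed proxy log (the log format and all log lines are made up for this example) and reports hits at three confidence levels: the exact C2 URL, any connection to the C2 socket, and any connection to the C2 host on another port. It parses each URL with urlparse and compares the host as a whole rather than grepping for the IP string, which is why the line for 147.109.102.98 is not reported as a C2 contact; the cleartext-HTTP-on-443 check is a weak, generic signal and is reported separately.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Indicators copied from this MalwareBazaar entry's C2 extraction.
C2_URL = "http://47.109.102.98:443/M3cz"
_c2 = urlparse(C2_URL)
C2_IP = _c2.hostname          # "47.109.102.98"
C2_PORT = _c2.port            # 443
C2_PATH = _c2.path            # "/M3cz"

# Hypothetical proxy log format, constructed for this example:
# "<ISO timestamp> <client ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2023-12-25T16:20:01Z 10.0.5.17 GET http://47.109.102.98:443/M3cz 200
2023-12-25T16:20:02Z 10.0.5.17 GET https://www.example.com/ 200
2023-12-25T16:21:15Z 10.0.5.42 POST http://47.109.102.98:443/submit.php?id=12345 200
2023-12-25T16:22:00Z 10.0.5.42 GET http://47.109.102.98/ 404
2023-12-25T16:23:00Z 10.0.5.99 GET http://147.109.102.98:443/M3cz 200
"""


@dataclass
class Hit:
    ts: str
    src: str
    url: str
    reasons: list[str] = field(default_factory=list)


def c2_indicators() -> tuple[str, int, str]:
    """Return the (host, port, path) triple parsed from the extracted C2 URL."""
    return C2_IP, C2_PORT, C2_PATH


def scan(log_text: str) -> list[Hit]:
    """Match each parsed log line against the C2 indicators.

    Reasons, strongest first:
      c2_url             exact host, port and URI path from the config
      c2_socket          host and port match, different path
      c2_host_other_port host matches on some other port
      http_on_443        cleartext HTTP to port 443 (weak, generic signal)
    """
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at fields
        url = urlparse(m["url"])
        host = url.hostname or ""
        # Default ports when the URL carries none.
        port = url.port or (443 if url.scheme == "https" else 80)
        reasons: list[str] = []
        if host == C2_IP and port == C2_PORT:
            reasons.append("c2_socket")
            if url.path == C2_PATH:
                reasons.append("c2_url")
        elif host == C2_IP:
            reasons.append("c2_host_other_port")
        if url.scheme == "http" and port == 443:
            reasons.append("http_on_443")
        if reasons:
            hits.append(Hit(m["ts"], m["src"], m["url"], reasons))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit.ts, hit.src, hit.url, ",".join(hit.reasons))
```

To use it against real data, replace SAMPLE_LOG with your proxy export and adjust LOG_RE to your log format; the matching logic does not depend on the format beyond the URL field.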

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments