MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ae4fa96ff3527bf4ea380cbcab19b7e9b0d77c3596d08f74b18b7b843ead231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike
Vendor detections: 11



SHA256 hash: 3ae4fa96ff3527bf4ea380cbcab19b7e9b0d77c3596d08f74b18b7b843ead231
SHA3-384 hash: 2f7561dade297deaa81b54b8683922295f15705d5228b48932edc09790c5d52b8a0610c24d98918000d2962174a218f1
SHA1 hash: 72bce426b56988b225862cc6611abb53150bfbc6
MD5 hash: bb0edcf312622f518415b85deec29be4
humanhash: timing-east-utah-black
File name: shell.exe
Signature: CobaltStrike
File size: 25'088 bytes
First seen: 2022-08-03 07:31:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 45d51bb2a26e8506fa017fe49072c102 (1 x CobaltStrike)
ssdeep: 384:phVnJLbKVANB44FcFcn6VVR7sLLocyLJOPYxY6GhX+:BnZK+4Dw65s309a1X
Threatray: 1'872 similar samples on MalwareBazaar
TLSH: T1F7B23B3FA753A4F9C64759708AEB16F1BA7339A0167041390F60E5B01F22A60BDDDB62
TrID:
  43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  27.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  5.3% (.EXE) OS/2 Executable (generic) (2029/13)
  5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter: JAMESWT_WT
Tags: CobaltStrike exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 680
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: shell.exe
Verdict: No threats detected
Analysis date: 2022-08-03 08:05:49 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
  Searching for the window
  Sending a custom TCP request
  Sending an HTTP GET request

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug
Result
Verdict: MALICIOUS
Details
  Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Cobalt Strike
Verdict: Malicious
Result
Threat name: CobaltStrike
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
  Antivirus detection for URL or domain
  C2 URLs / IPs found in malware configuration
  Found API chain indicative of debugger detection
  Machine Learning detection for sample
  Malicious sample detected (through community Yara rule)
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file
  Yara detected CobaltStrike
Threat name: Win64.Backdoor.CobaltStrikeBeacon
Status: Malicious
First seen: 2022-08-03 07:32:06 UTC
File Type: PE+ (Exe)
AV detection: 21 of 26 (80.77%)
Threat level: 5/5
Result
Malware family: cobaltstrike
Score: 10/10
Tags: family:cobaltstrike backdoor trojan
Behaviour
  Modifies system certificate store
  Cobaltstrike
Unpacked files
  SHA256 hash: 3ae4fa96ff3527bf4ea380cbcab19b7e9b0d77c3596d08f74b18b7b843ead231
  MD5 hash: bb0edcf312622f518415b85deec29be4
  SHA1 hash: 72bce426b56988b225862cc6611abb53150bfbc6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: CobaltStrike
File type: Executable exe
SHA256 hash: 3ae4fa96ff3527bf4ea380cbcab19b7e9b0d77c3596d08f74b18b7b843ead231 (this sample)

Delivery method: Distributed via web download
