MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4379aad7a920fea59a8f6233f47de514e7ba3783d6ae3c230f458142fa9ae9c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4379aad7a920fea59a8f6233f47de514e7ba3783d6ae3c230f458142fa9ae9c3
SHA3-384 hash: c728b404422f06bd15d40f2ff8e918a747269a1ddb8b390e22cb3f16fe37bb515f4a14819b89fd539981c8457790d184
SHA1 hash: 2fafa4da809aa41602119237c84c3446043c32b6
MD5 hash: cf3027fa4e3d5597487691dff1831b97
humanhash: muppet-eighteen-missouri-seventeen
File name:cf3027fa4e3d5597487691dff1831b97.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:156'168 bytes
First seen:2021-02-24 15:40:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c7bd397771181510ed9dd92897ea74c5 (3 x CobaltStrike)
ssdeep 3072:LrW1+PlAoE3DqKQevDXHoX6zr/YRr4FfNv9KWOeQ175Xo:0WpETNQevzIX6zWrfeQ17C
Threatray 618 similar samples on MalwareBazaar
TLSH CAE3591B76A9B0E7E032897984550E09D733B8331761DB9F0360916E6E2BBD05E3EB71
Reporter abuse_ch
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
525
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cf3027fa4e3d5597487691dff1831b97.exe
Verdict:
No threats detected
Analysis date:
2021-02-24 15:58:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/05788622-d821-4935-af80-02f06e25d762

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Artemis.4780.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Changing a file
DNS request
Sending a UDP request
Sending an HTTP GET request
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/616910
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4379aad7a920fea59a8f6233f47de514e7ba3783d6ae3c230f458142fa9ae9c3/
Threat name:
Win64.Backdoor.Bazaarloader
Create hunting rule
Status:
Malicious
First seen:
2021-02-19 11:40:58 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=in42vv5jed7klgupmiz7i7pfctt3un4d22xdyiypiwauf6u25hbq._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c
CobaltStrike
55c7a0ec28ac9319b3d2245882007c7c1f72b3f44970d24c6d5c355f993d1fb9
CobaltStrike
6fc2d85f11a802fd6abca3bd24c3b97af10671772c884a743c6e623382cefd88
CobaltStrike
836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599
CobaltStrike
a93eb70cc4152e32cd3a39fda968b2da5ade48453927410a0d520f2d13223d11
CobaltStrike
ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8
CobaltStrike
cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c
CobaltStrike
e0952195d73431802bf22dad462b2fffda7ae4f4e384aad8e326b0c6404fb5bf
CobaltStrike
ede75c0a88d80043f79025dfd8ef91c3d1b01a1613f4a0347b2ceb29f8b19578
CobaltStrike
f25295fc7d3435f80f39e602465da255ee0ace3d845315dac8731873adff894d
CobaltStrike
+ 608 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/210224-4sqn789r3s/
Behaviour
Modifies system certificate store
Cobaltstrike
Malware Config
C2 Extraction:
http://hdhuge.com:443/files/remove.gif
http://hdhuge.com:443/skin
Unpacked files
SH256 hash:
4379aad7a920fea59a8f6233f47de514e7ba3783d6ae3c230f458142fa9ae9c3
MD5 hash:
cf3027fa4e3d5597487691dff1831b97
SHA1 hash:
2fafa4da809aa41602119237c84c3446043c32b6
Link:
https://www.unpac.me/results/ee224d76-c548-4296-aab6-3273d2a7f294/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:megacortex_rietspoof
Create hunting rule
Author:jeFF0Falltrades

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 4379aad7a920fea59a8f6233f47de514e7ba3783d6ae3c230f458142fa9ae9c3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1019883/
  
Delivery method
Distributed via web download

Comments