MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 723427427eaa43fbe3aafce325a18201b65141627181484b2d5f4a1632aabdfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 12

Intelligence 12 IOCs YARA 3 File information Comments

SHA256 hash:	723427427eaa43fbe3aafce325a18201b65141627181484b2d5f4a1632aabdfb
SHA3-384 hash:	3f69ffdc8afa187802004bc0fd099712dcba038dc9b7b0456371955e5938fb1955743426eeec4e5b79be7c8b3c0d4ab0
SHA1 hash:	134433a6ee2f6e66581cfa3293b81f2426d476a6
MD5 hash:	e33ef1ece2038f0874d2662147a18637
humanhash:	freddie-fruit-earth-virginia
File name:	CTjxhc.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	763'392 bytes
First seen:	2023-08-09 06:38:49 UTC
Last seen:	2024-03-21 10:19:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	24fe2f678dd508b74816c233dea97e95 (1 x CobaltStrike)
ssdeep	12288:3YwTnLASvKmugvdYIUPmnqS7dKQqubrv1+opslV0B4+8:3LIgvyxmqS7drR1+opslE
Threatray	391 similar samples on MalwareBazaar
TLSH	T1CCF48D4E9D77B1BFFB49207BA05E82D1E6561B420A2C8DFF40AAF0340D658715D2A73E
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter	Anonymous
Tags:	Cobalt Strike exe

Intelligence

File Origin

# of uploads :

# of downloads :

321

Origin country :

Vendor Threat Intelligence

Detection:

CobaltStrikeBeacon

Link:

https://www.capesandbox.com/analysis/441498/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.32650.22785.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

DNS request

Sending a custom TCP request

Gathering data

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/723427427eaa43fbe3aafce325a18201b65141627181484b2d5f4a1632aabdfb

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5d2deb48-6785-4498-9c30-400878075c0b

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/1288284

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/723427427eaa43fbe3aafce325a18201b65141627181484b2d5f4a1632aabdfb/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oi2coqt6vjb7xy5k7trslimcag3fcqlcogauqsznl5fbmmvkxx5q._file

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

1c308125a5365620d1cd9d58d2564897d1b5113bb81fe8b9e770bcffeb571079

CobaltStrike

2c593089c490455039542e64826356d85ca09c1e2dba673b5a9aa7814bd17959

CobaltStrike

497f6f7e21dd3e9622c7cd9f96bb5359284cd21c24ea3faa99520397b911a08e

CobaltStrike

53c31c1987e6d560be5ed2cea896b4f7053aa9719ad9e9909bff6cf503b7921d

CobaltStrike

66f99d00978c99f2b5025ad213732f1543365a5cd55949736fa51552c21d25fa

CobaltStrike

8356f3fd326f41fcfbbc17c9fa1a81abe75aae2831b364bf6f6a100a2bebc5c2

CobaltStrike

992f98e70bc5bdfbb7c2c2f3250caf97f831619ac56f0aca3f67dccdb923f94e

CobaltStrike

f092970f8d406e0d01052e36238c3826d8392397802638af877a8d98ee6c9724

CobaltStrike

f6c2a34e3a85581ae83b048b0e66efd5bf6afb895b09ee4c38e61a219c549847

CobaltStrike

+ 381 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:100000 backdoor trojan

Link:

https://tria.ge/reports/230809-hel4msbb7z/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Cobaltstrike

Malware Config

C2 Extraction:

http://service-59jl6939-1312220615.sh.apigw.tencentcs.com:443/webindex/index.html

Unpacked files

SH256 hash:

723427427eaa43fbe3aafce325a18201b65141627181484b2d5f4a1632aabdfb

MD5 hash:

e33ef1ece2038f0874d2662147a18637

SHA1 hash:

134433a6ee2f6e66581cfa3293b81f2426d476a6

Link:

https://www.unpac.me/results/bad6d277-9b32-408f-b7c5-19f72aadcdef/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/723427427eaa/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/723427427eaa43fbe3aafce325a18201b65141627181484b2d5f4a1632aabdfb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/441498/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample