MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d
SHA3-384 hash:	0991a6e1eeb980a42568c58d86b07df16c574fb340f1823f6c83dd3bc608c708d8745f41cc82ebbb1dca211de0183dd4
SHA1 hash:	79f660ffe33e3a158202eb90800b88e948db1467
MD5 hash:	8d6b5daa3dbd2cecf334e1daef15674f
humanhash:	fruit-maine-nine-may
File name:	8d6b5daa3dbd2cecf334e1daef15674f.exe
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	141'824 bytes
First seen:	2023-03-04 06:14:50 UTC
Last seen:	2023-03-04 07:28:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6cc67e1b4c782dc2b07f26a430d4f88e (1 x Sliver, 1 x CobaltStrike)
ssdeep	3072:Kuk09Pu3p7Rmun0nwJ6Pas57lUJnzhNA+wnXjc:hkNdRmu0nwsyYu8+wzc
Threatray	315 similar samples on MalwareBazaar
TLSH	T1F5D38D07F3F631F9D173C974C8A15649E7B1743603219FAF079886AA2E276D09E39B21
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	abuse_ch
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

# of downloads :

276

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

cobaltstrike

ID:

File name:

8d6b5daa3dbd2cecf334e1daef15674f.exe

Verdict:

Malicious activity

Analysis date:

2023-03-04 06:17:07 UTC

Tags:

cobaltstrike

Link:

https://app.any.run/tasks/8d513b00-65f5-422c-95c5-d1f017602f01

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

CobaltStrikeStager

Link:

https://www.capesandbox.com/analysis/371574/

Detection(s):

SecuriteInfo.com.Win64.TrojanX-gen.15373.10430.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

cobalt greyware

Link:

https://www.filescan.io/uploads/6402e1e903b144271569c4fb/reports/49f2b4e4-0498-4531-a21f-475edf0da4c1/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/dd53872a-c8b6-448c-8b5e-816618aadc2a

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1187024

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d/

Threat name:

Win64.Backdoor.CobaltStrikeBeacon

Status:

Malicious

First seen:

2023-03-04 06:40:31 UTC

File Type:

PE+ (Exe)

AV detection:

14 of 25 (56.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uj3tiv4nvihm4siphx4p5435oiml3epa26daehdpuupl7nanpawq._file

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

35bcc6e1410f3b7ef95301d996f5713e6811fc09b98edeb51d0222cbe099ce14

CobaltStrike

93b0f19011468a4864c114bcbcfc55f460e2c789b14ea893c26ce450d3c21a9e

CobaltStrike

a0410b34f9a1161434b2df05470e2bc5d917ad44e419fe9d6a5008e3e3898b47

CobaltStrike

bc74b5b8a64345852af7d6d693558529f4aaaca0d9547aa57279b1cbe998ab70

CobaltStrike

ee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c

CobaltStrike

ef6c768e35b2b443c17acec0088c935fdb593567f2a0494ca34f87ff3bcbb529

CobaltStrike

+ 305 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/230304-gzw9nscd4t/

Behaviour

Program crash

Cobaltstrike

Malware Config

C2 Extraction:

http://tibenorote.com:443/static-directory/fr.gif

Unpacked files

SH256 hash:

a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d

MD5 hash:

8d6b5daa3dbd2cecf334e1daef15674f

SHA1 hash:

79f660ffe33e3a158202eb90800b88e948db1467

Link:

https://www.unpac.me/results/6307dd70-1cbf-471a-97cf-d1bafffcf191/

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/a27734578daa/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a27734578daa0ece490f3df8fef37d7218bd91e0d786021c6fa51ebfb40d782d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/371574/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample