MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774
SHA3-384 hash:	f2e3d31c43003c73c39582b7f5bc1eb3b1ecf4482f0eda4cf6fa3d9dc4be5fb0e20c7f7e9ab446068ff963ea6839e251
SHA1 hash:	fdc2b562fca2445c0804548315c61b7bc50176bc
MD5 hash:	e8e26af11ed7f85a67c7a8c883fbd704
humanhash:	three-failed-xray-bulldog
File name:	a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774.bin
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	429'056 bytes
First seen:	2021-07-29 07:31:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fbe702755e2fb4e20a84826fa92fd750 (2 x CryptBot, 1 x DanaBot, 1 x CobaltStrike)
ssdeep	6144:a4WXu2IZ8UO63rJbPR+iYiUjCkqnMaD+HtGsrnk6slH4qJr6j9xU3WHLalj7RKjo:+XZIZTxrD+y/MoYIwEH4qJyrUmrahHd
Threatray	3'755 similar samples on MalwareBazaar
TLSH	T10194BF30B7A1C039F5F722F459B593A9A93A3DB1AB3450CF12D42AEE16346E1AC30757
dhash icon	ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter	JAMESWT_WT
Tags:	185.123.53.33 CobaltStrike exe

Intelligence

File Origin

# of uploads :

# of downloads :

497

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774.bin

Verdict:

Suspicious activity

Analysis date:

2021-07-29 07:35:34 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/12d11ca2-8cee-4f9f-9025-ac5e0929d1c6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/174886/

Detection(s):

Win.Packed.Generic-9881681-0

Win.Packed.Generic-9881693-0

Win.Packed.Mokes-9881739-0

Win.Packed.Mokes-9881749-0

Win.Packed.Mokes-9881758-0

Win.Packed.Mokes-9881903-0

Win.Packed.Mokes-9881941-0

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

CobaltStrike

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/cd668cce-dd5f-4201-853b-893e3180a6d7

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/823614

Signature

Contains functionality to inject code into remote processes

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Gathering data

Threat name:

Win32.Trojan.Glupteba

Status:

Malicious

First seen:

2021-07-27 09:42:50 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

35 of 46 (76.09%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

CobaltStrike

2231fe26243e074c03019cb2e2a4f25c0ef60bc9e82022f3e88fc77c4bf18102

CobaltStrike

40aa02a45bf04b6c7933179a4749624bf992ea0eabe6beb59de50bc0c5a25c5d

CobaltStrike

5701a3c3a5ba47dfdf1fa7b70335419c2889b6649d30964145f68815920f7616

CobaltStrike

5aedcd88018ef8f4a70a04ca259e7f2a087fde8ef98c7bbe21b1d511dd00a731

CobaltStrike

604aa76cd82be8fbee97f4ac48f9f53c79a1b94b7ba8b80cbd820781af29443b

CobaltStrike

ba1e40a772acdd71dc1e47b4f9ab2767868fd959f072a55c00da383a590c160f

CobaltStrike

e95a5072b5ea6d8392293d20e71ff452e9863200d786e8c80d65c5f01d14e768

CobaltStrike

ea2395f76f2bb596baa84ede5acca6e8d64ad2580990e04212ec77ac1503e78d

CobaltStrike

+ 3'745 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike botnet:0 backdoor trojan

Link:

https://tria.ge/reports/210729-t1lk72b6ns/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Cobaltstrike

Malware Config

C2 Extraction:

http://185.123.53.33:443/IE9CompatViewList.xml

Unpacked files

SH256 hash:

ef20163ced2d1c4a3c85a3574362bcc8abb5ee54c45482ffda02e4cb11220ceb

MD5 hash:

a135ddd6359f90370bbd88c8b8f29a62

SHA1 hash:

7ca4952bda52360f5348c5adf5032575ca44ca0c

Link:

https://www.unpac.me/results/bb0fed3f-e073-4d80-bf42-e049ab6cc2c0/

SH256 hash:

5a1d96c45b179d6febd8755aae53eba0e68a991c9ef4a4370f238ebb51afbfcc

MD5 hash:

ee5875cc43a0891f48440e0ede878c1c

SHA1 hash:

60bbbca14ed483588decf9d0867b9ac2834f638f

Link:

https://www.unpac.me/results/bb0fed3f-e073-4d80-bf42-e049ab6cc2c0/

SH256 hash:

a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774

MD5 hash:

e8e26af11ed7f85a67c7a8c883fbd704

SHA1 hash:

fdc2b562fca2445c0804548315c61b7bc50176bc

Link:

https://www.unpac.me/results/bb0fed3f-e073-4d80-bf42-e049ab6cc2c0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/174886/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample