MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3b71dfc0235bd33cd7d9d05db130acc2d4d4852522279aab9ceb5ea9f3d0ca9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	a3b71dfc0235bd33cd7d9d05db130acc2d4d4852522279aab9ceb5ea9f3d0ca9
SHA3-384 hash:	9502ce1c2db5492a5e8f607270e038e8f1f6fa3e20d6330514f0661016b797033a74342e074d6b80d6cbadc0a409bd76
SHA1 hash:	26dde61b440f231d98511b778c042b66e78f1d97
MD5 hash:	2abdf7d3caf3ef5e673c79e1e045ab1d
humanhash:	four-chicken-tango-dakota
File name:	a3b71dfc0235bd33cd7d9d05db130acc2d4d4852522279aab9ceb5ea9f3d0ca9
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	1'279'488 bytes
First seen:	2020-08-31 13:25:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	167344a4df394fbba605fc972e41437a (4 x CobaltStrike, 1 x GoCryptoLocker, 1 x Sodinokibi)
ssdeep	24576:RSOP4vLd7JA6bBJraUvcg9TpgEvGa2q5ibCK:YbLYe9F/Oa24ibCK
Threatray	119 similar samples on MalwareBazaar
TLSH	E6458C54ECEB58B1EA5613331CB792EF2335A20D1733AEC3CD085D76BA53AD10A26275
Reporter	JAMESWT_WT
Tags:	120.79.218.54 CobaltStrike

Intelligence

File Origin

# of uploads :

1

# of downloads :

87

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/53571/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending an HTTP GET request

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/455544

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Uses known network protocols on non-standard ports

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a3b71dfc0235bd33cd7d9d05db130acc2d4d4852522279aab9ceb5ea9f3d0ca9/

Threat name:

Win32.Trojan.Rozena

Status:

Malicious

First seen:

2020-08-24 20:07:55 UTC

File Type:

PE (Exe)

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

0bcb3e0d5496e7211313a35799aa38d4b571d316014ebd2242ca8d556f9d32a3

39dca3fbd2f4684b95c0e46c833dcf6d95a0d7b53ede8e5a0a62a1d04bc37e0b

4b459c85c8425e368325d8844148e6a058d350374eb721a3da26c4e85ba26973

60b57a5e5fe515104f57a44c136e7ddaac0d72b099c3959a26493b8c47f66e3f

8a148932d87847341a5cc3e93ba144ea1332229a4334a951449b7458169533bc

8c195ec63793d4d4927cb5e06cd2c5771cedab32baecd2097454e3709e2748cc

c83163a6e61b2bf3852b426f8ccccac4044d57b2b4514125624632e836f51660

d6ad7fadcb2167a24e36bb0f9e668c95183c3c224bef5775bc06c5bc71b02616

f0bcf90c8a887b662d9413e62ff453dea774e520df15a6651eacad17eda434ac

f6e04b3710044f76666468559fd2b6688ccac091284d138e461c2257c387d7d3

+ 109 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/200831-8vfrqz7ynx/

Behaviour

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/a3b71dfc0235bd33cd7d9d05db130acc2d4d4852522279aab9ceb5ea9f3d0ca9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/53571/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample