MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CobaltStrike

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776
SHA3-384 hash:	d0d8f4acf040f118f219a62fe5317ec668643dba11b42ef1825b9f8242149399ca6c45603526e7479d7a454e4ce595e4
SHA1 hash:	f87cce9349a2ab85477952a882a75ab8f8cf983a
MD5 hash:	d493b228b6b83177c71efa8819b80122
humanhash:	stairway-harry-louisiana-glucose
File name:	a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776
Download:	download sample
Signature	CobaltStrike Create hunting rule
File size:	22'528 bytes
First seen:	2022-02-24 14:35:28 UTC
Last seen:	2022-02-24 16:47:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9872fc764efdf6171ece2599d004b1a4 (1 x CobaltStrike)
ssdeep	384:oumrpltKDN4Vg80yYvzPV1O43xwiX9Fj2gn8spxa:obK54VgHzv7V1LBb9n8sz
Threatray	1'536 similar samples on MalwareBazaar
TLSH	T16AA2D81E631B4EDCE6EDA23E4F360BD75723B4207F24AADB938003191B2EAD6443B415
Reporter	JAMESWT_WT
Tags:	CobaltStrike exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

624

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/244353/

Detection(s):

SecuriteInfo.com.generic.ml.26915.8818.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/7315/overview

Behaviour

MalwareBazaar

MeasuringTime

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/621797dca6f52d32f181c626/reports/209b9384-4e5c-4338-983d-b5770cce7fa5/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ee044c9f-df88-4139-b5d3-fc2b21865b02

Result

Threat name:

CobaltStrike

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/945796

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Found malware configuration

Yara detected CobaltStrike

Behaviour

Behavior Graph:

Detection:

cobaltstrike

Link:

https://mwdb.cert.pl/sample/a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776/

Threat name:

Win64.Backdoor.CobaltStrikeBeacon

Status:

Malicious

First seen:

2022-02-24 14:36:14 UTC

File Type:

PE+ (Exe)

Extracted files:

1

AV detection:

19 of 28 (67.86%)

Threat level:

5/5

Verdict:

malicious

Label(s):

cobaltstrike

Similar samples:

00906f1cf709f6591880f952da59f41a3019944d23824e000592fe7de035c446

0ecf5a2c06c78f79bc20180e1be1c9e41487b5789b1af712ebb7ed6091486536

1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f

8438bfbb9c978de4f342a3ed19551f735343a9c1ed0c8610a332a83918cb5985

954944ef6cdd1474ed35f27b790a7914156672cc7a1afbcc3214ccc1855ff12e

971c693bc67cf7b4b9655282b815bc1ba10ee937f1736ba1ef5fdb7aea392f6c

bb4efe96748fcc28b827fc297d060c3ab32053cfb8ea506f8c97000debd22121

d1d0c9d1ee7b800d491c9fb3fc94b93e5c59d903a4debb092846c46481077ae0

e8d4bf2dc68074adf01dc003d51de3842994ae07fa88c370e8d29f1c27d9c407

+ 1'526 additional samples on MalwareBazaar

Result

Malware family:

cobaltstrike

Score:

10/10

Tags:

family:cobaltstrike backdoor trojan

Link:

https://tria.ge/reports/220224-rykvcsdbf3/

Behaviour

Cobaltstrike

Malware Config

C2 Extraction:

http://162.14.110.99:50001/jquery-3.3.2.slim.min.js

Unpacked files

SH256 hash:

a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776

MD5 hash:

d493b228b6b83177c71efa8819b80122

SHA1 hash:

f87cce9349a2ab85477952a882a75ab8f8cf983a

Link:

https://www.unpac.me/results/be5b075d-1228-45ce-8ba4-50a00adebfa9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/244353/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample