General
-
Target
2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.exe
-
Size
208KB
-
Sample
230903-qbzjkaad64
-
MD5
d0d1ede925af99a08fd475a4ba7e076f
-
SHA1
7c318dbe3e492e376f6fe1a4d2b3da89dd673a6d
-
SHA256
8af4c35ce2fbaa68c1736fc69073acb459e7c2094dd9f6dd9ce611eb3168c195
-
SHA512
30f4face351b2a5809351a53c27e6db180f92943bd9928c9b8c226ade586b336bd0da8b48420d8bc6df32c15ce091c97b757cc135a2f09b1cfceecee81db9df0
-
SSDEEP
3072:1I6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUmY53:1IDff9D8C6XYRw6MT2DEj
Behavioral task
behavioral1
Sample
2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
100000
http://23.254.224.214:37/wp08/wp-includes/dtcla.php
-
access_type
512
-
host
23.254.224.214,/wp08/wp-includes/dtcla.php
-
http_header1
AAAACgAAAB5SZWZlcmVyOiBodHRwOi8vd3d3Lmdvb2dsZS5jb20AAAAKAAAAa0FjY2VwdDogdGV4dC94bWwsYXBwbGljYXRpb24veG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCx0ZXh0L2h0bWw7cT0wLjksdGV4dC9wbGFpbjtxPTAuOCxpbWFnZS9wbmcsKi8qO3E9MC41AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
30000
-
port_number
37
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEJ39XXQo7+2qnM4SOBZoEKZ4spyE7rCEKE0laTxIe4O9UCVuUwg52szr4xzvc3fYdirCMjUeQ7IJimZEg21CAXAfeDHQ3wc/KzeHbBTCBzt9trisW7VjKKfuVQGvUDd8rznbdx+QTcxYpHVEWqx8qQoDaLdNFLK2mEo+T1mstuQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.998553344e+09
-
unknown2
AAAABAAAAAEAAAAWAAAAAgAAAIAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/modules/mod_search.php
-
user_agent
Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
-
watermark
100000
Targets
-
-
Target
2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.exe
-
Size
208KB
-
MD5
d0d1ede925af99a08fd475a4ba7e076f
-
SHA1
7c318dbe3e492e376f6fe1a4d2b3da89dd673a6d
-
SHA256
8af4c35ce2fbaa68c1736fc69073acb459e7c2094dd9f6dd9ce611eb3168c195
-
SHA512
30f4face351b2a5809351a53c27e6db180f92943bd9928c9b8c226ade586b336bd0da8b48420d8bc6df32c15ce091c97b757cc135a2f09b1cfceecee81db9df0
-
SSDEEP
3072:1I6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUmY53:1IDff9D8C6XYRw6MT2DEj
Score 3/10