General
-
Target
2023-08-23_9865fe282de45bd96d0eff05e080f5c3_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
Sample
230907-wysx7acg8x
-
MD5
9865fe282de45bd96d0eff05e080f5c3
-
SHA1
67a7ef0714611c2c9bdad40eab9bb1c8ff566693
-
SHA256
17ae5a05fd1fe648ddd767e9d03ff5f3e085169c79bca6bec5991746e4734f95
-
SHA512
7cec2553e73a3914886f6ca4fbca0f7fb91598963710000483b6bcac7d1823979b525a85582831587ac28ee887b04573a18a92e690d74e6d6fedb706ce416711
-
SSDEEP
6144:O443XR4S38CWBeBxi66thkbAzLks1YarGR8ej4rC5Jj:2MLMBIz+YLks1YarGR8PWj
Behavioral task
behavioral1
Sample
2023-08-23_9865fe282de45bd96d0eff05e080f5c3_cobalt-strike_cobaltstrike_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-23_9865fe282de45bd96d0eff05e080f5c3_cobalt-strike_cobaltstrike_JC.dll
Resource
win10v2004-20230831-en
Malware Config
Extracted
cobaltstrike
100000
http://service-6wt8xswb-1307888624.sh.apigw.tencentcs.com:80/api/x
-
access_type
512
-
host
service-6wt8xswb-1307888624.sh.apigw.tencentcs.com,/api/x
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
2000
-
port_number
80
-
sc_process32
%windir%\syswow64\WerFault.exe
-
sc_process64
%windir%\sysnative\WerFault.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcVn/Q1SFs8Ez3qpSw7HyCwZiGhfB0U4kaa+1QVehZQy62WbutdsfQ0+ucTt66SPOSbI192ts2jp0oHkI1lRpdPunUCA+8fFXuNdCb/ZsbA5bRQZhZHTQE9gwGgF4ieb6elCAW3WaUH34pVeB4bE0PVUC/4DF//A6AJQRdhCOX1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/y
-
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.1)
-
watermark
100000
Extracted
cobaltstrike
0
-
watermark
0
Targets
-
-
Target
2023-08-23_9865fe282de45bd96d0eff05e080f5c3_cobalt-strike_cobaltstrike_JC.exe
-
Size
208KB
-
MD5
9865fe282de45bd96d0eff05e080f5c3
-
SHA1
67a7ef0714611c2c9bdad40eab9bb1c8ff566693
-
SHA256
17ae5a05fd1fe648ddd767e9d03ff5f3e085169c79bca6bec5991746e4734f95
-
SHA512
7cec2553e73a3914886f6ca4fbca0f7fb91598963710000483b6bcac7d1823979b525a85582831587ac28ee887b04573a18a92e690d74e6d6fedb706ce416711
-
SSDEEP
6144:O443XR4S38CWBeBxi66thkbAzLks1YarGR8ej4rC5Jj:2MLMBIz+YLks1YarGR8PWj
Score 10/10