cobaltstrike | 6c532be11353a774ff7fc6cc73b631f971f8b5ab587f3200aef5a17740b53421

General

Target

2024-04-16_99f750b15c273bb888d0bb11c86c0c5c_cobalt-strike_cobaltstrike_havex
Size

290KB
Sample

240416-sn1y9seh5z
MD5

99f750b15c273bb888d0bb11c86c0c5c
SHA1

b97892305ac6353ee218c1d802688913cf6c865f
SHA256

6c532be11353a774ff7fc6cc73b631f971f8b5ab587f3200aef5a17740b53421
SHA512

8a55fa8a4b9ba516aef5cb57bba7f2697290ee8016be00693ada53544a459d540fefd6769a6976201732dbebecf881f6ebd3947488a1d4d7e74aa8bbd6c3b223
SSDEEP

6144:lP7hsJqVG5d1IpMyibgkTZI6jHID90apBXrH/:ljhs3d6tevoxZBXL

Score

10^/10

cobaltstrike 666666

Malware Config

Extracted

Family

cobaltstrike

Botnet

666666

C2

http://10.135.246.179:8086/include/template/isx.php

Attributes

access_type
512
host
10.135.246.179,/include/template/isx.php
http_header1
AAAACgAAAB5SZWZlcmVyOiBodHRwOi8vd3d3Lmdvb2dsZS5jb20AAAAKAAAAa0FjY2VwdDogdGV4dC94bWwsYXBwbGljYXRpb24veG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCx0ZXh0L2h0bWw7cT0wLjksdGV4dC9wbGFpbjtxPTAuOCxpbWFnZS9wbmcsKi8qO3E9MC41AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
500
port_number
8086
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLsKDyNbWXC1vdebN+IGKik2TmjTOiBw/iq/HwoaKRYeKMsdpitFzXxAJa3VH7JQaLcz0kQOrItOwtnaPkMTSblDrelDu/444rTJ1Nv3gL11SwvztWubt6oYJjRN2GWphUyuWtatcuvK7DuL6ZaR7fuoprMhH4P2628uSDEC7a5wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.998553344e+09
unknown2
AAAABAAAAAEAAAAWAAAAAgAAAIAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/includes/phpmailer/class.pop3.php
user_agent
Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
watermark
666666

Targets

- Target
  
  2024-04-16_99f750b15c273bb888d0bb11c86c0c5c_cobalt-strike_cobaltstrike_havex
- Size
  
  290KB
- MD5
  
  99f750b15c273bb888d0bb11c86c0c5c
- SHA1
  
  b97892305ac6353ee218c1d802688913cf6c865f
- SHA256
  
  6c532be11353a774ff7fc6cc73b631f971f8b5ab587f3200aef5a17740b53421
- SHA512
  
  8a55fa8a4b9ba516aef5cb57bba7f2697290ee8016be00693ada53544a459d540fefd6769a6976201732dbebecf881f6ebd3947488a1d4d7e74aa8bbd6c3b223
- SSDEEP
  
  6144:lP7hsJqVG5d1IpMyibgkTZI6jHID90apBXrH/:ljhs3d6tevoxZBXL
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2