General
-
Target
2024-04-16_99f750b15c273bb888d0bb11c86c0c5c_cobalt-strike_cobaltstrike_havex
-
Size
290KB
-
Sample
240416-sn1y9seh5z
-
MD5
99f750b15c273bb888d0bb11c86c0c5c
-
SHA1
b97892305ac6353ee218c1d802688913cf6c865f
-
SHA256
6c532be11353a774ff7fc6cc73b631f971f8b5ab587f3200aef5a17740b53421
-
SHA512
8a55fa8a4b9ba516aef5cb57bba7f2697290ee8016be00693ada53544a459d540fefd6769a6976201732dbebecf881f6ebd3947488a1d4d7e74aa8bbd6c3b223
-
SSDEEP
6144:lP7hsJqVG5d1IpMyibgkTZI6jHID90apBXrH/:ljhs3d6tevoxZBXL
Behavioral task
behavioral1
Sample
2024-04-16_99f750b15c273bb888d0bb11c86c0c5c_cobalt-strike_cobaltstrike_havex.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-16_99f750b15c273bb888d0bb11c86c0c5c_cobalt-strike_cobaltstrike_havex.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
666666
http://10.135.246.179:8086/include/template/isx.php (note: 10.0.0.0/8 is a private RFC 1918 range, so this C2 is only reachable from inside the network the beacon was built for; treat the address as a lab/internal indicator rather than an internet-facing IOC, and do not expect a live callback from a public sandbox)
-
access_type
512
-
host
10.135.246.179,/include/template/isx.php
-
http_header1
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
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
500 (Cobalt Strike expresses sleep time in milliseconds, so this is a 0.5 s beacon interval with no jitter field shown — a very chatty check-in pattern that stands out in proxy/NetFlow data)
-
port_number
8086
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLsKDyNbWXC1vdebN+IGKik2TmjTOiBw/iq/HwoaKRYeKMsdpitFzXxAJa3VH7JQaLcz0kQOrItOwtnaPkMTSblDrelDu/444rTJ1Nv3gL11SwvztWubt6oYJjRN2GWphUyuWtatcuvK7DuL6ZaR7fuoprMhH4P2628uSDEC7a5wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3998553344 (rendered by the extractor as 3.998553344e+09; the value fits in an unsigned 32-bit field, so the float formatting is a display artifact, not a real fractional value)
-
unknown2
AAAABAAAAAEAAAAWAAAAAgAAAIAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/includes/phpmailer/class.pop3.php
-
user_agent
Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08 (this User-Agent together with the two URIs above appears to come from a Havex-themed Malleable C2 profile, consistent with the "havex" tag in the sample name; the string is a usable network signature since no legitimate client reports MSIE 7.0 alongside Java/1.5.0_08)
-
watermark
666666
Targets
-
-
Target
2024-04-16_99f750b15c273bb888d0bb11c86c0c5c_cobalt-strike_cobaltstrike_havex
-
Size
290KB
-
MD5
99f750b15c273bb888d0bb11c86c0c5c
-
SHA1
b97892305ac6353ee218c1d802688913cf6c865f
-
SHA256
6c532be11353a774ff7fc6cc73b631f971f8b5ab587f3200aef5a17740b53421
-
SHA512
8a55fa8a4b9ba516aef5cb57bba7f2697290ee8016be00693ada53544a459d540fefd6769a6976201732dbebecf881f6ebd3947488a1d4d7e74aa8bbd6c3b223
-
SSDEEP
6144:lP7hsJqVG5d1IpMyibgkTZI6jHID90apBXrH/:ljhs3d6tevoxZBXL
Score 1/10 - (this is the dynamic/behavioral score only: the beacon could not reach its private-range C2 during detonation, so little ran. The extracted Cobalt Strike beacon configuration above is a high-confidence static indicator and should be weighted independently of this low score.)