General
Target: 2024-04-25_e93cad8c90893dfdb94fe1700dd2a744_cobalt-strike_cobaltstrike
Size: 372KB
Sample: 240425-jq3ffaha2w
MD5: e93cad8c90893dfdb94fe1700dd2a744
SHA1: f4965174d349c87f6efe152644ef26479e6d27fb
SHA256: e7fce739ac3e9ee266bf405e92367729e6fe42d0389fba584d1ef8032c5f0dfc
SHA512: 6fd3760b1f4042aa22006e07f8cc3bc16f343bf61f84a0c21c0e9f229638a689419e08b2de1a7f75466ffec9503b6e76031a032741f0ca0284734dd35bc015b0
SSDEEP: 6144:AhJqKG5d1IpMyibgkTZI6jHID90axBXcH/bKdY:G6d6tevoxBBX6OdY
Behavioral task: behavioral1
Sample: 2024-04-25_e93cad8c90893dfdb94fe1700dd2a744_cobalt-strike_cobaltstrike.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 2024-04-25_e93cad8c90893dfdb94fe1700dd2a744_cobalt-strike_cobaltstrike.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: cobaltstrike
Watermark: 100000000
C2: http://service-0xgb0mzs-1317544938.gz.tencentapigw.com.cn:443/api/x
access_type: 512
beacon_type: 2048
host: service-0xgb0mzs-1317544938.gz.tencentapigw.com.cn,/api/x
http_header1: AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2: AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: POST
polling_time: 1000
port_number: 443
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTN3bT8NJ0fEKrdSBxYZaEUo+LHW1kw2GMEUQ57BVhsz9BfFMtncyRie6VuHQXiJjB+Qo380pgukMIHbJdnl/ctsiMNQetoFzFjNZomiRgBQK6ne30XZVdi8h5AAeq4bHdhV+SjcvmVZQXT5bqaHeZOxH9iB9CQiR0RuuZZS6I8wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 1.481970944e+09
unknown2: AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /api/y
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
watermark: 100000000
Targets
Target: 2024-04-25_e93cad8c90893dfdb94fe1700dd2a744_cobalt-strike_cobaltstrike
Size: 372KB
MD5: e93cad8c90893dfdb94fe1700dd2a744
SHA1: f4965174d349c87f6efe152644ef26479e6d27fb
SHA256: e7fce739ac3e9ee266bf405e92367729e6fe42d0389fba584d1ef8032c5f0dfc
SHA512: 6fd3760b1f4042aa22006e07f8cc3bc16f343bf61f84a0c21c0e9f229638a689419e08b2de1a7f75466ffec9503b6e76031a032741f0ca0284734dd35bc015b0
SSDEEP: 6144:AhJqKG5d1IpMyibgkTZI6jHID90axBXcH/bKdY:G6d6tevoxBBX6OdY
Score: 10/10
Signature: Detects Reflective DLL injection artifacts