Overview

Havoc C2 focuses on EDR evasion.

MalwareBazaar Intelligence Data

Hash Samples (First 50)

SHA256 MD5 First Seen Type Size
4022133358853a9c4216... 419b2c2d7736b04a... 2025-12-03 zip 391.249
3458082ad2e29cefc189... e744f962bf4d5c5f... 2025-01-23 ps1 2.710
4d04aecf158205a3e0ad... 74d44231ab81164d... 2025-01-23 ps1 2.706
d0d2e19b39dbb5ffc71a... b73b011b3033255f... 2025-01-23 exe 102.400
66a98821b64e43f30618... e6b523974cac93d8... 2025-01-23 exe 102.400
56d3329deccf04fd4734... 551946ef51f09df6... 2024-12-13 unknown 103.935
0cebfb34206b3d06790f... ac808a0f7eaea2b2... 2024-12-13 unknown 103.935

IOC Summary

  • This analysis covers 7 unique HavocC2 samples.
  • A total of 14 hash IOCs were recorded.
  • Campaign activity: detected between 2024-12-13 and 2025-12-03.

HavocC2 — Malware Profile

Havoc C2 framework, 2022. Triple VM detection: vboxguest, vboxmouse, vmware. Global GUID mutex. DLP browser bypass module.

Malware Type: C2Framework
Programming Language: C/C++
C2 Protocol: HTTPS
Target Systems: Windows/Linux

Capabilities & Behavior

Post-Exploitation
Lateral Movement
Mimikatz Integration
Process Injection
Payload Staging
Domain Fronting
Covert Channel C2
Beacon Communication

IOC List (28 indicators)

IOC — HavocC2
Tags
bulkioc, malwarebazaar, c2 framework, havocc2