General

  • Target: 0b53f1c66e255223f4962035a8ba5b0e_JaffaCakes118
  • Size: 2.6MB
  • Sample: 240328-vn4q9sbd4w
  • MD5: 0b53f1c66e255223f4962035a8ba5b0e
  • SHA1: b450af6e77b99ab8f9216c1db90d0caae2e2f040
  • SHA256: 7a169c9eda4879c35dca3f065754b72ceba151704d1bfc133478677064b5f883
  • SHA512: 1541c1cad121d4324e363d6fd5402972c4962429e659b914bc3ccf2785c0fff6657f734ff7d60419e34ed74ea7809ba15d6a548d3e9d35c361e4952599529222
  • SSDEEP: 49152:cNV9bmhH441v510Vks2izb4L5KZsF8JcEHM50no:wV96m80VknuXmt

Malware Config

Extracted
  • Family: cobaltstrike
  • C2: http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js
  • Attributes
    • user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Targets

    • Target: 0b53f1c66e255223f4962035a8ba5b0e_JaffaCakes118

    • Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
    • Executes dropped EXE
    • Loads dropped DLL
