General

  • Target

    1e1735bff2d3c91b471c36ea563014b8_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240329-k3j1asdf8w

  • MD5

    1e1735bff2d3c91b471c36ea563014b8

  • SHA1

    5eb30dfa2fdc41d34c0a52da384aa531331c6343

  • SHA256

    84c8bb6a84391404ae1ab0dc9760d87a35253bb4638b20156eb3dc1aeccb8e99

  • SHA512

    964251a36457435095fea7b674d2eb30ea6fcb9ef66fa1ccfa6dc884beac6d577fdd26b0d45e2855d3ab77707db4d9b39410749fd61b395cf71a30c35d5cfaf5

  • SSDEEP

    49152:RQiViH+n1gyPrKWiCSE7Mf6L5WZsF8JrxIsnT:OiI8NKWiCLgXh

Malware Config

Extracted

Family

cobaltstrike

C2

http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
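The extracted beacon configuration above gives four indicators an analyst can pivot on: the C2 host, the non-standard port 2053, the URI path and the user agent. The following Python script is an added example written for this page, not part of the sandbox report or of the sample itself; it splits the extracted C2 URL into those components and scores proxy log lines against them, reporting a host match as high confidence, a path match combined with the port or user agent as medium (the operator rotated the host but kept the profile), a path-only match as low, and a lone port or user-agent match not at all, since both are too generic to act on. The tab-separated log format and the sample lines are constructed for this example.

```python
"""Match proxy log lines against the Cobalt Strike C2 indicators extracted in this report."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the extracted config above.
C2_URL = "http://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js"
C2_USER_AGENT = "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)"

_c2 = urlsplit(C2_URL)
C2_HOST = _c2.hostname   # apt.freelinuxupdate.tk
C2_PORT = _c2.port       # 2053
C2_PATH = _c2.path       # /bootstrap-2.min.js


@dataclass
class Hit:
    line_no: int
    client: str
    indicators: Tuple[str, ...]   # subset of host / port / path / user_agent
    confidence: str               # high / medium / low


def parse_line(line: str) -> Optional[dict]:
    """Parse one tab-separated proxy log line (constructed format for this example):
    timestamp, client_ip, method, url, status, user_agent. Returns None if malformed."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 6:
        return None
    _ts, client, _method, url, _status, ua = parts
    u = urlsplit(url)
    port = u.port if u.port is not None else (443 if u.scheme == "https" else 80)
    return {"client": client, "host": (u.hostname or "").lower(),
            "port": port, "path": u.path, "ua": ua}


def score(rec: dict) -> Optional[Tuple[Tuple[str, ...], str]]:
    """Return (matched indicators, confidence) or None when nothing worth reporting matched."""
    matched = []
    if rec["host"] == C2_HOST:
        matched.append("host")
    if rec["port"] == C2_PORT:
        matched.append("port")
    if rec["path"] == C2_PATH:
        matched.append("path")
    if rec["ua"] == C2_USER_AGENT:
        matched.append("user_agent")

    if "host" in matched:
        conf = "high"          # the C2 domain itself was contacted
    elif "path" in matched and ("port" in matched or "user_agent" in matched):
        conf = "medium"        # same malleable profile, different host
    elif "path" in matched:
        conf = "low"           # bootstrap-2.min.js is a plausible benign filename
    else:
        return None            # port 2053 or the IE user agent alone is too noisy
    return tuple(matched), conf


def scan(lines: List[str]) -> List[Hit]:
    """Scan log lines and return one Hit per line that matched at a reportable level."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        result = score(rec)
        if result is not None:
            hits.append(Hit(n, rec["client"], result[0], result[1]))
    return hits


# Constructed sample log: one true C2 hit, one benign CDN fetch sharing the path,
# one beacon to a rotated host, one unrelated request with the same user agent, one junk line.
SAMPLE_LOG = [
    "2024-03-29T10:12:01Z\t10.0.0.15\tGET\thttp://apt.freelinuxupdate.tk:2053/bootstrap-2.min.js\t200\t" + C2_USER_AGENT,
    "2024-03-29T10:12:05Z\t10.0.0.22\tGET\thttps://cdn.example.com/bootstrap-2.min.js\t200\tMozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "2024-03-29T10:13:40Z\t10.0.0.31\tGET\thttp://203.0.113.7:2053/bootstrap-2.min.js\t200\t" + C2_USER_AGENT,
    "2024-03-29T10:14:02Z\t10.0.0.40\tGET\thttps://www.example.org/\t200\t" + C2_USER_AGENT,
    "malformed line",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} [{h.confidence}] matched {', '.join(h.indicators)}")
```

The host is matched exactly rather than as a substring so that lookalike domains do not produce false positives, and a host hit is reported even when the port or path differs, because a beacon that reached the extracted C2 domain over any port is worth an alert on its own.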

Targets

    • Target

      1e1735bff2d3c91b471c36ea563014b8_JaffaCakes118

    • Size

      3.2MB

    • MD5

      1e1735bff2d3c91b471c36ea563014b8

    • SHA1

      5eb30dfa2fdc41d34c0a52da384aa531331c6343

    • SHA256

      84c8bb6a84391404ae1ab0dc9760d87a35253bb4638b20156eb3dc1aeccb8e99

    • SHA512

      964251a36457435095fea7b674d2eb30ea6fcb9ef66fa1ccfa6dc884beac6d577fdd26b0d45e2855d3ab77707db4d9b39410749fd61b395cf71a30c35d5cfaf5

    • SSDEEP

      49152:RQiViH+n1gyPrKWiCSE7Mf6L5WZsF8JrxIsnT:OiI8NKWiCLgXh

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Executes dropped EXE

    • Loads dropped DLL
