General
-
Target
e134bca3704fcb507dc6b6524114417c_JaffaCakes118
-
Size
278KB
-
Sample
240406-lcmtyafh28
-
MD5
e134bca3704fcb507dc6b6524114417c
-
SHA1
a84bda8a918c8ee57f665ee7afce1df8a4289fe8
-
SHA256
ef4008effed1c6251e52ca8ea9db6dd7dfad35aaa84ced8335225c9d8d77ac84
-
SHA512
e6b4256e3e1b659494eea41f04a109ad0eacb2dfb4ee797836a3f5c6ecd731ea3b1726fcddaa69b21de1c2fc990f4bc0c85f4ebb40d0aabcf41fc914218331d5
-
SSDEEP
6144:AR9K7cARH27K66cKAz4M0csFdpZvTtLyI/wsa:AbK7LRH27K6lDqLFHZvTtLf/j
Static task
static1
Behavioral task
behavioral1
Sample
e134bca3704fcb507dc6b6524114417c_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e134bca3704fcb507dc6b6524114417c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
426352781
http://101.99.90.100:443/chunk-responsive-underlinenav-0ff33106.js
-
access_type
512
-
beacon_type
2048
-
host
101.99.90.100,/chunk-responsive-underlinenav-0ff33106.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
1280
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZTb0Ql3gSVQxRRUPq7wOFkOVv3j1+y/kNCVrB5bhk6vnDeqhfuvQSWJ/ohX70qnHxwkbx8Ik4XmTGG6f1mAJkuXJmeaenXJELm1b/uxCzAk3ecsnrIOMxz4aJ39Hr5iciHbFoCfnOV6S0K1vRl7T9GSDFlgfZAyLrjsYExQIm9wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.983152384e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAEUAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/behaviors-1cbe5abc.js
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
-
watermark
426352781
Targets
-
-
Target
e134bca3704fcb507dc6b6524114417c_JaffaCakes118
-
Size
278KB
-
MD5
e134bca3704fcb507dc6b6524114417c
-
SHA1
a84bda8a918c8ee57f665ee7afce1df8a4289fe8
-
SHA256
ef4008effed1c6251e52ca8ea9db6dd7dfad35aaa84ced8335225c9d8d77ac84
-
SHA512
e6b4256e3e1b659494eea41f04a109ad0eacb2dfb4ee797836a3f5c6ecd731ea3b1726fcddaa69b21de1c2fc990f4bc0c85f4ebb40d0aabcf41fc914218331d5
-
SSDEEP
6144:AR9K7cARH27K66cKAz4M0csFdpZvTtLyI/wsa:AbK7LRH27K6lDqLFHZvTtLf/j
Score: 10/10