cobaltstrike

General

Target

e134bca3704fcb507dc6b6524114417c_JaffaCakes118
Size

278KB
Sample

240406-lcmtyafh28
MD5

e134bca3704fcb507dc6b6524114417c
SHA1

a84bda8a918c8ee57f665ee7afce1df8a4289fe8
SHA256

ef4008effed1c6251e52ca8ea9db6dd7dfad35aaa84ced8335225c9d8d77ac84
SHA512

e6b4256e3e1b659494eea41f04a109ad0eacb2dfb4ee797836a3f5c6ecd731ea3b1726fcddaa69b21de1c2fc990f4bc0c85f4ebb40d0aabcf41fc914218331d5
SSDEEP

6144:AR9K7cARH27K66cKAz4M0csFdpZvTtLyI/wsa:AbK7LRH27K6lDqLFHZvTtLf/j

Score

10^/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://101.99.90.100:443/chunk-responsive-underlinenav-0ff33106.js

Attributes

access_type
512
beacon_type
2048
host
101.99.90.100,/chunk-responsive-underlinenav-0ff33106.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAQSG9zdDogZ2l0aHViLmNvbQAAAAoAAAAcUmVmZXJlcjogaHR0cHM6Ly9naXRodWIuY29tLwAAAAoAAAAtQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwO3E9MS4wLCAqO3E9MC41AAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAABAAAAAQSG9zdDogZ2l0aHViLmNvbQAAAAoAAAAcUmVmZXJlcjogaHR0cHM6Ly9naXRodWIuY29tLwAAAAoAAAAtQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwO3E9MS4wLCAqO3E9MC41AAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
1280
polling_time
45000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZTb0Ql3gSVQxRRUPq7wOFkOVv3j1+y/kNCVrB5bhk6vnDeqhfuvQSWJ/ohX70qnHxwkbx8Ik4XmTGG6f1mAJkuXJmeaenXJELm1b/uxCzAk3ecsnrIOMxz4aJ39Hr5iciHbFoCfnOV6S0K1vRl7T9GSDFlgfZAyLrjsYExQIm9wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
3.983152384e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAEUAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/behaviors-1cbe5abc.js
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
watermark
426352781

Targets

- Target
  
  e134bca3704fcb507dc6b6524114417c_JaffaCakes118
- Size
  
  278KB
- MD5
  
  e134bca3704fcb507dc6b6524114417c
- SHA1
  
  a84bda8a918c8ee57f665ee7afce1df8a4289fe8
- SHA256
  
  ef4008effed1c6251e52ca8ea9db6dd7dfad35aaa84ced8335225c9d8d77ac84
- SHA512
  
  e6b4256e3e1b659494eea41f04a109ad0eacb2dfb4ee797836a3f5c6ecd731ea3b1726fcddaa69b21de1c2fc990f4bc0c85f4ebb40d0aabcf41fc914218331d5
- SSDEEP
  
  6144:AR9K7cARH27K66cKAz4M0csFdpZvTtLyI/wsa:AbK7LRH27K6lDqLFHZvTtLf/j
Score

10^/10

cobaltstrike 426352781 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2