General
-
Target
f9ae6f0176d3f38a907d621919388bf7_JaffaCakes118
-
Size
278KB
-
Sample
240419-g2k97abg51
-
MD5
f9ae6f0176d3f38a907d621919388bf7
-
SHA1
0100c78b500f842281cb0636681d0617d0246265
-
SHA256
216c8471db4ab3a785f395c8c059d767798a6ffd5fbbf6e72f745ea506bd1cd9
-
SHA512
696d9107075e9303500fd5772979bc7c9892b4ec412c2883e07e075fbaa32e2e26b7e852490a8509a7db449cd1a87d79c4ddc2408e5c96509233af700fd2bab2
-
SSDEEP
6144:wRzoaqryHIowleF0Lp7vq1ylc7nx9xN7pWP+t:wuTrwhwleFMp+gWplW
Static task
static1
Behavioral task
behavioral1
Sample
f9ae6f0176d3f38a907d621919388bf7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f9ae6f0176d3f38a907d621919388bf7_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
cobaltstrike
0
http://185.123.53.33:445/pixel.gif
-
beacon_type
2048
-
host
185.123.53.33,/pixel.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
445
-
proxy_server
http://inmhpproxy.glenmark.com:8080
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCR1sSjQUoWv/fUOK4QtaYgrXkn+RzEi0QGnblQccy7TGIelt2AjMIyBBeaXYSn1Cd+iDxoiyCtq34RWyEZ+C8dSmePvG7E2WjiqSYm7wZA71W/Ucwkn4Fu2FJ49m02M+/e86xFByv5JK4BSTbaLLMBQKyGT0e/5DSUlfcb16B9JwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
-
watermark
0
Targets
-
-
Target
f9ae6f0176d3f38a907d621919388bf7_JaffaCakes118
-
Size
278KB
-
MD5
f9ae6f0176d3f38a907d621919388bf7
-
SHA1
0100c78b500f842281cb0636681d0617d0246265
-
SHA256
216c8471db4ab3a785f395c8c059d767798a6ffd5fbbf6e72f745ea506bd1cd9
-
SHA512
696d9107075e9303500fd5772979bc7c9892b4ec412c2883e07e075fbaa32e2e26b7e852490a8509a7db449cd1a87d79c4ddc2408e5c96509233af700fd2bab2
-
SSDEEP
6144:wRzoaqryHIowleF0Lp7vq1ylc7nx9xN7pWP+t:wuTrwhwleFMp+gWplW
Score 10/10