General
-
Target
ff06d1812ad723343f60dc7b40e3089b_JaffaCakes118
-
Size
189KB
-
Sample
240421-l1tx6agd64
-
MD5
ff06d1812ad723343f60dc7b40e3089b
-
SHA1
475effd879e0d577913a623181212b6eceb9613b
-
SHA256
4154008a1ff2b7259b7b1646edd033567c082329f148e404220b14fe4f96203f
-
SHA512
cd70a59b3a2a5033787ad847fe31b5348e4577565b91717efa310a90cd7d83313af758abfdd1d0e5e9ca66d9b73024b278ff56803cf3bad1c474716e5b01b4f1
-
SSDEEP
3072:6AVrI/nenTbRRrbuYT0Bpd6xzUsOXQcBkyT6cgJnch3ebQ3XVmsbgf5s4Iy:E/enTVRvuYTMd6uLXhBL14amsbm5J
Behavioral task
behavioral1
Sample
ff06d1812ad723343f60dc7b40e3089b_JaffaCakes118.ps1
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ff06d1812ad723343f60dc7b40e3089b_JaffaCakes118.ps1
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
1359593325
http://45.127.4.49:443/__utm.gif
-
access_type
512
-
host
45.127.4.49,/__utm.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfRWRgABz1br062oroLVkS3OJNr4Cls2zmttlUqZ653+/wkrvX8dXg7tV1jhmC1Y6UdW6eJzzeRLKc/TjNBa6t8Dm93+wodpN+qfcVxWXZms4tR1GkV2Wr42haxHFCFdxBfGQvo7cip00PA+2Dc28yxnrtH8GNglJCtZpRoU8FVwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
-
watermark
1359593325
Targets
-
-
Target
ff06d1812ad723343f60dc7b40e3089b_JaffaCakes118
-
Size
189KB
-
MD5
ff06d1812ad723343f60dc7b40e3089b
-
SHA1
475effd879e0d577913a623181212b6eceb9613b
-
SHA256
4154008a1ff2b7259b7b1646edd033567c082329f148e404220b14fe4f96203f
-
SHA512
cd70a59b3a2a5033787ad847fe31b5348e4577565b91717efa310a90cd7d83313af758abfdd1d0e5e9ca66d9b73024b278ff56803cf3bad1c474716e5b01b4f1
-
SSDEEP
3072:6AVrI/nenTbRRrbuYT0Bpd6xzUsOXQcBkyT6cgJnch3ebQ3XVmsbgf5s4Iy:E/enTVRvuYTMd6uLXhBL14amsbm5J
Score 10/10
-
Blocklisted process makes network request
-