General

  • Target

    22bc0e8c95dca396a412c45b6233b02c_JaffaCakes118

  • Size

    206KB

  • MD5

    22bc0e8c95dca396a412c45b6233b02c

  • SHA1

    de1bc0e6152193a8fbdb29abdad5c3a933c715ee

  • SHA256

    0c7b2e2279ca5f4e1f16a21ce90a0595dfaf7e9c8ea30d48239d6760c7b43052

  • SHA512

    b91a73f77eb206ed79abd6dd2a17739a238dc2809fafba9d26fd677e2ee3cfd81fa668d9d955eef6847de80271cd0b5a5d7abfa4264ea930bc68ef3ed4c29f61

  • SSDEEP

    3072:nryYXMJJciFoSYMoXYQlwfv/gF8jua3PX4Ns5drwolUtFmcL5euN:lXkiq4wfv4Kjnv+srwosFz

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://185.80.92.4:9797/cm

Attributes
  • access_type

    512

  • crypto_scheme

    256

  • host

    185.80.92.4,/cm

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    9797

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDE57ppXv4CLwKzFQQLDyu1ky37pGF7nnK1ak3yE+l6i2uB3tb+9x8MTWaa7rZ3TKO6RRm1bIGrhBuCVlkMH0hKOcxriBucfY3tu+cZU4vP+edeoe/Hp9ugUUOexiPOuTYmK9vI0gvfzOkRy8z4s3BEWJ7O6Gk4mZjwioV5ybOSwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; InfoPath.2)

  • watermark

    0

Signatures

  • Cobaltstrike family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 22bc0e8c95dca396a412c45b6233b02c_JaffaCakes118
    .dll windows:5 windows x86 arch:x86

    0bc418575efc832b308d227b31192688
