Overview

overview

10

Static

static

10

4ab907c722...18.dll

windows7-x64

3

4ab907c722...18.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ab907c722d00723f5f55dae03be6410_JaffaCakes118

  • Size

    199KB

  • Sample

    240516-m1m1aahf25

  • MD5

    4ab907c722d00723f5f55dae03be6410

  • SHA1

    c5c58241c209ef47e57ea048075f81407bdd5f20

  • SHA256

    152fd7b857db8e07272d5fb3f5f8a9bca526ee106570afc63ea41ef7674181b8

  • SHA512

    d515d7f3d958b1ec0349436cea484629b6fc4a862e3a5d296eca34d0b1d05f5e604fa14cb69f6bfacbd024f8d80e7e73a503591cb0fa60e017880d58fc85362c

  • SSDEEP

    3072:HNEfMCK7JqusgLiKG5TnN7FgkQB7R80kUzRe5/1:SfM5dS/JBN7jiR80VY

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://110.10.179.213:8088/IE9CompatViewList.xml

Attributes
  • crypto_scheme

    256

  • host

    110.10.179.213,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    8088

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqV4v/OdZBujplgVP2KouEDq0nf1699rohHD6jA+nDOS0f2jO84N5BRBp2kGS+chClRzWVU4KZ8sDOONLJ0VQ3y6Vo9aB9MOH6f/UU4yL4cSFk5IQBj4I854NRj9y3WXvdhyyrfowpc1XHxil0BNeNRMtNPMaZws9jnITvsxoqywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)

  • watermark

    0

Targets

    • Target

      4ab907c722d00723f5f55dae03be6410_JaffaCakes118

    • Size

      199KB

    • MD5

      4ab907c722d00723f5f55dae03be6410

    • SHA1

      c5c58241c209ef47e57ea048075f81407bdd5f20

    • SHA256

      152fd7b857db8e07272d5fb3f5f8a9bca526ee106570afc63ea41ef7674181b8

    • SHA512

      d515d7f3d958b1ec0349436cea484629b6fc4a862e3a5d296eca34d0b1d05f5e604fa14cb69f6bfacbd024f8d80e7e73a503591cb0fa60e017880d58fc85362c

    • SSDEEP

      3072:HNEfMCK7JqusgLiKG5TnN7FgkQB7R80kUzRe5/1:SfM5dS/JBN7jiR80VY

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks