General

  • Target

    5e5a6694b033f14fed329a8fd3886058_JaffaCakes118

  • Size

    213KB

  • Sample

    240520-le61ladd39

  • MD5

    5e5a6694b033f14fed329a8fd3886058

  • SHA1

    0d8a0b78b8664a9ea1c27b9cb661d07d78a00286

  • SHA256

    b9efca96d451c0b4028b6081456c1ddd3035ab39e6a60bdd831bcf4a472a31ae

  • SHA512

    a24361f07b8bfe32bbdb04a36f5ba2d4ca9f6908dca696672525e93399d894cdf1ac2554ad2ea40a71f992c00a7f62fbd040c59b2e94fab3ea9f75841225b676

  • SSDEEP

    6144:n6/JifuzopvB+QUosuiPJwvKrJXtaFixzDdYew9fhHKjOL:MJimzavdUHhMSJQARDdYewBt5

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    1873433027

  • C2

    http://188.166.25.156:80/jquery-3.3.1.min.js

Attributes

  • access_type

    512

  • dns_idle

    1.908702538e+09

  • host

    188.166.25.156,/jquery-3.3.1.min.js

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    21760

  • maxdns

    255

  • polling_time

    30000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK0VWohbXIm5DxZh3LcoAKnDW07WXkCESqmrkKYbDb8fHEdi4hCP/OzF1sM+IuG46AmzibigINOthSREecTe2fb+K5lJUpXE89PnGQLx+UMRxG9+0iO5Lwl0oIAtlI6Mq3gsB6KmqNQQ68sFjL1nygriJDu9CQ52S8kHIrm1buHQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.234810624e+09

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.3.2.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

  • watermark

    1873433027
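The two http_header blobs above are Beacon's client-side transform programs (the first pairs with http_method1 GET, the second with http_method2 POST), stored as a big-endian sequence of 4-byte opcodes with length-prefixed string arguments; the state_machine value, despite the extractor's label, is a DER-encoded RSA SubjectPublicKeyInfo. What follows is an added example, not code from the report or from Cobalt Strike, that decodes all three fields with nothing but the standard library. The opcode names, the argument counts, and the build-index names (metadata for the GET side; id and output for the POST side) follow the numbering documented by public Beacon config parsers and are assumptions; the base64 values are copied verbatim from the report.

```python
import base64
import struct

# Added example; not code from the Triage report or from Cobalt Strike.
# Opcode names and argument counts follow the transform-step numbering that
# public Beacon config parsers document; treat that mapping as an assumption.
OPCODES = {1: "append", 2: "prepend", 3: "base64", 4: "print", 5: "parameter",
           6: "header", 7: "build", 8: "netbios", 9: "const_parameter",
           10: "const_header", 11: "netbiosu", 12: "uri_append", 13: "base64url",
           14: "strrep", 15: "mask", 16: "const_host_header"}
ARGC = {1: 1, 2: 1, 5: 1, 6: 1, 9: 1, 10: 1, 16: 1, 14: 2}  # length-prefixed string args

# Values copied from the report above; each field is zero-padded after the data.
HTTP_HEADER1 = "AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
HTTP_HEADER2 = "AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAA=="
STATE_MACHINE = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK0VWohbXIm5DxZh3LcoAKnDW07WXkCESqmrkKYbDb8fHEdi4hCP/OzF1sM+IuG46AmzibigINOthSREecTe2fb+K5lJUpXE89PnGQLx+UMRxG9+0iO5Lwl0oIAtlI6Mq3gsB6KmqNQQ68sFjL1nygriJDu9CQ52S8kHIrm1buHQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="  # extractor's label; the bytes are a DER SubjectPublicKeyInfo

def b64(s):
    return base64.b64decode(s + "=" * (-len(s) % 4))

def decode_transform(blob_b64):
    """Walk a big-endian transform program into [(step, *args), ...]."""
    data, pos, steps = b64(blob_b64), 0, []

    def u32():
        nonlocal pos
        pos += 4
        return struct.unpack_from(">I", data, pos - 4)[0]

    def text():
        nonlocal pos
        n = u32()
        pos += n
        return data[pos - n:pos].decode("latin-1")

    while pos + 4 <= len(data):
        op = u32()
        if op == 0:                      # 0 terminates; the rest is padding
            break
        name = OPCODES.get(op, "unknown_%d" % op)
        if op == 7:                      # build carries a 4-byte block index
            steps.append((name, u32()))
        else:
            steps.append((name, *(text() for _ in range(ARGC.get(op, 0)))))
    return steps

def to_profile(steps, block_names):
    """Render decoded steps as Malleable C2 client {} statements."""
    lines, open_block = [], False
    for name, *args in steps:
        if name == "const_header":
            hdr, _, val = args[0].partition(": ")
            lines.append('header "%s" "%s";' % (hdr, val))
        elif name == "build":
            if open_block:
                lines.append("}")
            lines.append("%s {" % block_names.get(args[0], "build_%d" % args[0]))
            open_block = True
        else:
            lines.append("    %s%s;" % (name, "".join(' "%s"' % a for a in args)))
    if open_block:
        lines.append("}")
    return "\n".join(lines)

def der_tlv(data, pos=0):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits = length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(raw):
    parts, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                    # base-128, high bit set on continuation bytes
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))

def parse_rsa_spki(blob_b64):
    """Return algorithm OID, modulus size and exponent from a DER SubjectPublicKeyInfo."""
    _, spki, _ = der_tlv(b64(blob_b64))      # outer SEQUENCE; trailing zeros ignored
    _, alg, pos = der_tlv(spki)              # AlgorithmIdentifier
    _, oid, _ = der_tlv(alg)                 # OBJECT IDENTIFIER
    _, bits, _ = der_tlv(spki, pos)          # BIT STRING holding RSAPublicKey
    _, rsa, _ = der_tlv(bits, 1)             # skip the unused-bits byte
    _, n, pos = der_tlv(rsa)                 # modulus
    _, e, _ = der_tlv(rsa, pos)              # publicExponent
    return {"algorithm": decode_oid(oid), "exponent": int.from_bytes(e, "big"),
            "modulus_bits": int.from_bytes(n, "big").bit_length()}

if __name__ == "__main__":
    print(to_profile(decode_transform(HTTP_HEADER1), {0: "metadata"}))
    print(to_profile(decode_transform(HTTP_HEADER2), {0: "id", 1: "output"}))
    print(parse_rsa_spki(STATE_MACHINE))
```

Under those block names the GET program renders as the four constant headers followed by metadata { base64url; prepend "__cfduid="; header "Cookie"; }, the POST program as the same headers followed by id { mask; base64url; parameter "__cfduid"; } and output { mask; base64url; print; }, and the key parses as OID 1.2.840.113549.1.1.1 (rsaEncryption) with a 1024-bit modulus and exponent 65537. For detection the useful mismatch is already visible in the decoded headers: the beacon sends Host: code.jquery.com and a cookie named __cfduid to a bare IP (188.166.25.156) on port 80, which is something a proxy or NetFlow rule can match without the sample.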

Targets

    • Target

      5e5a6694b033f14fed329a8fd3886058_JaffaCakes118

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1

    • JavaScript (T1059.007): 1

Tasks