cobaltstrike | b9efca96d451c0b4028b6081456c1ddd3035ab39e6a60bdd831bcf4a472a31ae | Triage

Sharing

General

Target

5e5a6694b033f14fed329a8fd3886058_JaffaCakes118
Size

213KB
Sample

240520-le61ladd39
MD5

5e5a6694b033f14fed329a8fd3886058
SHA1

0d8a0b78b8664a9ea1c27b9cb661d07d78a00286
SHA256

b9efca96d451c0b4028b6081456c1ddd3035ab39e6a60bdd831bcf4a472a31ae
SHA512

a24361f07b8bfe32bbdb04a36f5ba2d4ca9f6908dca696672525e93399d894cdf1ac2554ad2ea40a71f992c00a7f62fbd040c59b2e94fab3ea9f75841225b676
SSDEEP

6144:n6/JifuzopvB+QUosuiPJwvKrJXtaFixzDdYew9fhHKjOL:MJimzavdUHhMSJQARDdYewBt5

Score

10^/10

cobaltstrike 1873433027 execution

Malware Config

Extracted

Family

cobaltstrike

Botnet

1873433027

C2

http://188.166.25.156:80/jquery-3.3.1.min.js

Attributes

access_type
512
dns_idle
1.908702538e+09
host
188.166.25.156,/jquery-3.3.1.min.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
21760
maxdns
255
polling_time
30000
port_number
80
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK0VWohbXIm5DxZh3LcoAKnDW07WXkCESqmrkKYbDb8fHEdi4hCP/OzF1sM+IuG46AmzibigINOthSREecTe2fb+K5lJUpXE89PnGQLx+UMRxG9+0iO5Lwl0oIAtlI6Mq3gsB6KmqNQQ68sFjL1nygriJDu9CQ52S8kHIrm1buHQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/jquery-3.3.2.min.js
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
watermark
1873433027

Targets

- Target
  
  5e5a6694b033f14fed329a8fd3886058_JaffaCakes118
- Size
  
  213KB
- MD5
  
  5e5a6694b033f14fed329a8fd3886058
- SHA1
  
  0d8a0b78b8664a9ea1c27b9cb661d07d78a00286
- SHA256
  
  b9efca96d451c0b4028b6081456c1ddd3035ab39e6a60bdd831bcf4a472a31ae
- SHA512
  
  a24361f07b8bfe32bbdb04a36f5ba2d4ca9f6908dca696672525e93399d894cdf1ac2554ad2ea40a71f992c00a7f62fbd040c59b2e94fab3ea9f75841225b676
- SSDEEP
  
  6144:n6/JifuzopvB+QUosuiPJwvKrJXtaFixzDdYew9fhHKjOL:MJimzavdUHhMSJQARDdYewBt5
Score

3^/10

execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

1873433027cobaltstrike

behavioral1

behavioral2