General

  • Target

    60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118

  • Size

    202KB

  • Sample

    240520-y2gensfe43

  • MD5

    60fd32d8c60ba3b9be0af61a83ac8c42

  • SHA1

    e3046df847f1f5dc933077045875b9118d7b0719

  • SHA256

    0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8

  • SHA512

    2ab0136c8403e0bbdde961305b8e563c194936bd1aff81ed8ba624d1583339133c86c371db34eed514495dd68deae047815e1050b95ca150e37c3d07ee6af7e3

  • SSDEEP

    3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15E:PjdFKdoSxvixTxUA

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://39.109.5.64:443/activity

Attributes

  • access_type

    512

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    39.109.5.64,/activity

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEs862SQtKdXfNnUT6fTKG0qo28B0MnsXZhbAL/3Ce3dksZKv0LKWo0MO0S4csnvyxw68f9i4IjxFQan1pzq8hyT9mshbzGy/8K+znpJal5nc8p9ESrnUivQh5Pz/llOD4kZi602juNy77nfrx+y0qWZLand28ru2+n1Q654O73QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; InfoPath.2)

  • watermark

    0

Targets

    • Target

      60fd32d8c60ba3b9be0af61a83ac8c42_JaffaCakes118

    • Size

      202KB

    • MD5

      60fd32d8c60ba3b9be0af61a83ac8c42

    • SHA1

      e3046df847f1f5dc933077045875b9118d7b0719

    • SHA256

      0d04607bfaf064061f5f10fb4c7335ee79d773a7eee879eee6fde48f0a37faf8

    • SHA512

      2ab0136c8403e0bbdde961305b8e563c194936bd1aff81ed8ba624d1583339133c86c371db34eed514495dd68deae047815e1050b95ca150e37c3d07ee6af7e3

    • SSDEEP

      3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15E:PjdFKdoSxvixTxUA

    Score
    3/10

MITRE ATT&CK Matrix

Tasks