cobaltstrike

General

Target

6b6ebf1923001878daa1fbf09640655c_JaffaCakes118
Size

219KB
Sample

240523-s5szzsga6z
MD5

6b6ebf1923001878daa1fbf09640655c
SHA1

d0c22d0277cea08f176d3b0e0cb030947e21851c
SHA256

fc4c45524b459ee65fff5e9bc484cb1209cf89cff5e9e5a534d439533a95ceed
SHA512

c195f8e15b63b9dfc4d890c79545450309080bbaed618a42faa428877b01562a5db25644615ce442cc2560739fec9b14b8036bea7ed144b48ef5e0581a969149
SSDEEP

6144:8m168FmCFsPeN8fdoIg4j5T0MJHYV1o6ckOnNyjtnlQ:8iwvmN8fKl4j5AMJ13k+NulQ

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://103.140.238.125:443/directory/all/tags/dcf598ca-b5de-47d4-af33-ecabe9eaeee1

Attributes

access_type
512
beacon_type
2048
dns_sleep
2.68468224e+09
host
103.140.238.125,/directory/all/tags/dcf598ca-b5de-47d4-af33-ecabe9eaeee1
http_header1
AAAACQAAAAlvZz1hcHBfaWQAAAAQAAAAE0hvc3Q6IHd3dy50d2l0Y2gudHYAAAAKAAAAIEFjY2VwdDogdGV4dC9wbGFpbjtjaGFyc2V0PVVURi04AAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACktpbU5lNzhLY3gAAAABAAAADTZ3S2k1ZlhBcDMxa28AAAAGAAAACUNsaWVudC1JZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAEAAAABNIb3N0OiBncWwudHdpdGNoLnR2AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAAAwAAAAIAAAAeInF1ZXJ5IjoiY3Mgb25saW5lIiwib3B0aW9ucyI6AAAAAQAAAB4sImV4dGVuc2lvbnMiOiJwZXJzaXN0ZWRRdWVyeSIAAAAEAAAABwAAAAAAAAANAAAAAgAAAA82MFUycjNySVloSDZ6aS0AAAABAAAAFC1DNnMyd08waFNZU2tvZ2hLUT09AAAABgAAAAlDbGllbnQtSWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
6144
maxdns
244
polling_time
63141
port_number
443
sc_process32
%windir%\syswow64\mfpmp.exe
sc_process64
%windir%\sysnative\mfpmp.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNhBzcit/pmBVAe4IwGwtIADckSNF/F9EmZgXqGW+PWWQ7mAicB1pieRhSfoJwgPGsj8H5+fE1YfgVgalNRGbGqByhw4GfTv0bbeLr0oqNmUP/pP6TLaAcgV0EP0rFGUdDDXI/RHXAIor7jCGC0vfnQ9mrjtbIN99tWb+YYW8pbQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.645355008e+09
unknown2
AAAABAAAAAEAAAY4AAAAAgAADCoAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/gql
user_agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
watermark
0

Targets

- Target
  
  6b6ebf1923001878daa1fbf09640655c_JaffaCakes118
- Size
  
  219KB
- MD5
  
  6b6ebf1923001878daa1fbf09640655c
- SHA1
  
  d0c22d0277cea08f176d3b0e0cb030947e21851c
- SHA256
  
  fc4c45524b459ee65fff5e9bc484cb1209cf89cff5e9e5a534d439533a95ceed
- SHA512
  
  c195f8e15b63b9dfc4d890c79545450309080bbaed618a42faa428877b01562a5db25644615ce442cc2560739fec9b14b8036bea7ed144b48ef5e0581a969149
- SSDEEP
  
  6144:8m168FmCFsPeN8fdoIg4j5T0MJHYV1o6ckOnNyjtnlQ:8iwvmN8fKl4j5AMJ13k+NulQ
Score

10^/10

cobaltstrike 0 backdoor trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2