cobaltstrike | fc4c45524b459ee65fff5e9bc484cb1209cf89cff5e9e5a534d439533a95ceed

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b6ebf1923001878daa1fbf09640655c_JaffaCakes118.exe
Size

219KB
MD5

6b6ebf1923001878daa1fbf09640655c
SHA1

d0c22d0277cea08f176d3b0e0cb030947e21851c
SHA256

fc4c45524b459ee65fff5e9bc484cb1209cf89cff5e9e5a534d439533a95ceed
SHA512

c195f8e15b63b9dfc4d890c79545450309080bbaed618a42faa428877b01562a5db25644615ce442cc2560739fec9b14b8036bea7ed144b48ef5e0581a969149
SSDEEP

6144:8m168FmCFsPeN8fdoIg4j5T0MJHYV1o6ckOnNyjtnlQ:8iwvmN8fKl4j5AMJ13k+NulQ

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://103.140.238.125:443/directory/all/tags/dcf598ca-b5de-47d4-af33-ecabe9eaeee1

Attributes

access_type
512
beacon_type
2048
dns_sleep
2.68468224e+09
host
103.140.238.125,/directory/all/tags/dcf598ca-b5de-47d4-af33-ecabe9eaeee1
http_header1
AAAACQAAAAlvZz1hcHBfaWQAAAAQAAAAE0hvc3Q6IHd3dy50d2l0Y2gudHYAAAAKAAAAIEFjY2VwdDogdGV4dC9wbGFpbjtjaGFyc2V0PVVURi04AAAACgAAABZBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTAAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAHAAAAAAAAAA0AAAACAAAACktpbU5lNzhLY3gAAAABAAAADTZ3S2k1ZlhBcDMxa28AAAAGAAAACUNsaWVudC1JZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAEAAAABNIb3N0OiBncWwudHdpdGNoLnR2AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAABAAAAAwAAAAIAAAAeInF1ZXJ5IjoiY3Mgb25saW5lIiwib3B0aW9ucyI6AAAAAQAAAB4sImV4dGVuc2lvbnMiOiJwZXJzaXN0ZWRRdWVyeSIAAAAEAAAABwAAAAAAAAANAAAAAgAAAA82MFUycjNySVloSDZ6aS0AAAABAAAAFC1DNnMyd08waFNZU2tvZ2hLUT09AAAABgAAAAlDbGllbnQtSWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
6144
maxdns
244
polling_time
63141
port_number
443
sc_process32
%windir%\syswow64\mfpmp.exe
sc_process64
%windir%\sysnative\mfpmp.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNhBzcit/pmBVAe4IwGwtIADckSNF/F9EmZgXqGW+PWWQ7mAicB1pieRhSfoJwgPGsj8H5+fE1YfgVgalNRGbGqByhw4GfTv0bbeLr0oqNmUP/pP6TLaAcgV0EP0rFGUdDDXI/RHXAIor7jCGC0vfnQ9mrjtbIN99tWb+YYW8pbQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
1.645355008e+09
unknown2
AAAABAAAAAEAAAY4AAAAAgAADCoAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/gql
user_agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
watermark
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6b6ebf1923001878daa1fbf09640655c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6b6ebf1923001878daa1fbf09640655c_JaffaCakes118.exe"
1⤵
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4612-0-0x00000000007A0000-0x00000000007DD000-memory.dmp

Filesize
244KB

Download
memory/4612-1-0x0000000000400000-0x000000000043C510-memory.dmp

Filesize
241KB

Download
memory/4612-2-0x00000000007A0000-0x00000000007DD000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads