General

  • Target

    6e843ef4856336fe3ef4ed27a4c792b1_JaffaCakes118

  • Size

    199KB

  • Sample

    240524-pl6j7abf75

  • MD5

    6e843ef4856336fe3ef4ed27a4c792b1

  • SHA1

    1875db18a7c01ec011b1fe2394dfc49ed8a53956

  • SHA256

    5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362

  • SHA512

    8215c089f60f80b174530ebcc62bed7a9c01d086d429791fa2dd3a95cd034f7ece097c7d6824becfd00b0d0587bb0a5249fb644652ef3b6a78469c322bdb0281

  • SSDEEP

    3072:HNEfMCK7JqusgLiKG5TnN7FgkQB7R80kUzRe5f1:SfM5dS/JBN7jiR80Vw

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://www.thyssenkrupp-marinesystems.org:443/__utm.gif

Attributes
  • beacon_type

    2048

  • crypto_scheme

    256

  • host

    www.thyssenkrupp-marinesystems.org,/__utm.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTIy4LKlsj4LuvhnRNezlSUxV0IZYOTCTEf8urN4b13C7dpabltCqQ2B1ISWZO8vukGscbc/fKGxsRXXnzOrN5XqScXAmCoW36lwPhG00R7Qj2bblz7/b0z3RdjjC2tn0lqy5M0T5GGUV2Lb0b7UBrdqVkawUxjl3n0+QaJh1ncwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)

  • watermark

    0

Targets

    • Target

      6e843ef4856336fe3ef4ed27a4c792b1_JaffaCakes118

    • Size

      199KB

    • MD5

      6e843ef4856336fe3ef4ed27a4c792b1

    • SHA1

      1875db18a7c01ec011b1fe2394dfc49ed8a53956

    • SHA256

      5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362

    • SHA512

      8215c089f60f80b174530ebcc62bed7a9c01d086d429791fa2dd3a95cd034f7ece097c7d6824becfd00b0d0587bb0a5249fb644652ef3b6a78469c322bdb0281

    • SSDEEP

      3072:HNEfMCK7JqusgLiKG5TnN7FgkQB7R80kUzRe5f1:SfM5dS/JBN7jiR80Vw

    Score
    3/10

MITRE ATT&CK Matrix

Tasks