General

  • Target

    845494030584336d820cc9d15e8bfa2f_JaffaCakes118

  • Size

    278KB

  • Sample

    240530-qt4w1abd79

  • MD5

    845494030584336d820cc9d15e8bfa2f

  • SHA1

    009c97361fdc7d912c4154ab7c739b606b5bf79d

  • SHA256

    a70aecdd4963e21db30d5076023197c815e78b06c64cf8564691e37d04be66d1

  • SHA512

    b9aa3113b44a816ba711ba38fa7c9cfaed517bdff1427a686cfcda186a6e9615d106231ce50b97d963d3425cb1a21fb662b52517b5ff400e0664caf13e498e45

  • SSDEEP

    6144:xRTBdVjCY/b3iiBmlnOE9fWCDBbLfOK9wNNiJ:xdxjCAb3iiBEO0fNnL9wNN

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    304176511

  • C2

    http://165.22.71.42:80/TRAINING-BEACON

Attributes

  • access_type

    512

  • host

    165.22.71.42,/TRAINING-BEACON

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAWQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQAAAAcAAAAAAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    2560

  • maxdns

    255

  • polling_time

    5000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqX4xlZZsBSXx37ZtoZTVcPNekEVaMiwyszEIH553CR/9831bARideQz14cMRAHQ+wneLPSx4WqNCA44x0UdSwFR4DAKjChX2Vt9USzbbaVnBYc3+oVX+tYVQwTT3VElHyQxdrPz3IXxIrucsyaOsk6re9hia3EucFnNaFZva4rwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /TRAINING-BEACON/submit.php

  • user_agent

    Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

  • watermark

    304176511
