General
-
Target
845494030584336d820cc9d15e8bfa2f_JaffaCakes118
-
Size
278KB
-
Sample
240530-qt4w1abd79
-
MD5
845494030584336d820cc9d15e8bfa2f
-
SHA1
009c97361fdc7d912c4154ab7c739b606b5bf79d
-
SHA256
a70aecdd4963e21db30d5076023197c815e78b06c64cf8564691e37d04be66d1
-
SHA512
b9aa3113b44a816ba711ba38fa7c9cfaed517bdff1427a686cfcda186a6e9615d106231ce50b97d963d3425cb1a21fb662b52517b5ff400e0664caf13e498e45
-
SSDEEP
6144:xRTBdVjCY/b3iiBmlnOE9fWCDBbLfOK9wNNiJ:xdxjCAb3iiBEO0fNnL9wNN
Static task
static1
Behavioral task
behavioral1
Sample
845494030584336d820cc9d15e8bfa2f_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
845494030584336d820cc9d15e8bfa2f_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cobaltstrike
304176511
http://165.22.71.42:80/TRAINING-BEACON
-
access_type
512
-
host
165.22.71.42,/TRAINING-BEACON
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAWQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQAAAAcAAAAAAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
maxdns
255
-
polling_time
5000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqX4xlZZsBSXx37ZtoZTVcPNekEVaMiwyszEIH553CR/9831bARideQz14cMRAHQ+wneLPSx4WqNCA44x0UdSwFR4DAKjChX2Vt9USzbbaVnBYc3+oVX+tYVQwTT3VElHyQxdrPz3IXxIrucsyaOsk6re9hia3EucFnNaFZva4rwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/TRAINING-BEACON/submit.php
-
user_agent
Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
304176511
Targets
-
-
Target
845494030584336d820cc9d15e8bfa2f_JaffaCakes118
-
Size
278KB
-
MD5
845494030584336d820cc9d15e8bfa2f
-
SHA1
009c97361fdc7d912c4154ab7c739b606b5bf79d
-
SHA256
a70aecdd4963e21db30d5076023197c815e78b06c64cf8564691e37d04be66d1
-
SHA512
b9aa3113b44a816ba711ba38fa7c9cfaed517bdff1427a686cfcda186a6e9615d106231ce50b97d963d3425cb1a21fb662b52517b5ff400e0664caf13e498e45
-
SSDEEP
6144:xRTBdVjCY/b3iiBmlnOE9fWCDBbLfOK9wNNiJ:xdxjCAb3iiBEO0fNnL9wNN
Score 10/10