General

  • Target

    8c4d2b714eb8448e1156fb6781e942af_JaffaCakes118

  • Size

    207KB

  • MD5

    8c4d2b714eb8448e1156fb6781e942af

  • SHA1

    b6c4a69ed6eeaa9f82a0a256512eb91de055ad24

  • SHA256

    b2276dea8bb7d4a306c6f84c97ebad8a5c9b1988f8537d676bfe12ced0743ae3

  • SHA512

    25814ba1c39cd57c30fdbefaccacfcd61b1f3325b8d2027947bb73869c3470d26dbdfde40bdaae4fa0ee7fa1d3eba073e2c7433af8837d5fc5602ae0602c6015

  • SSDEEP

    3072:vYXMJJciFoSYMoXYQlwfv/gF8jua3PX4Ns5drwolUtVqL5uNz:gXkiq4wfv4Kjnv+srwoMqLyz

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    1772788715

  • C2

    http://35.182.31.181:443/jquery-3.3.1.min.js

    http://jquery.amazoncdn.org:443/jquery-3.3.1.min.js

Attributes

  • access_type

    512

  • dns_idle

    1.908702538e+09

  • host

    35.182.31.181,/jquery-3.3.1.min.js,jquery.amazoncdn.org,/jquery-3.3.1.min.js

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAANAAAAAgAAAAlfX2NmZHVpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAVSG9zdDogY29kZS5qcXVlcnkuY29tAAAACgAAACBSZWZlcmVyOiBodHRwOi8vY29kZS5qcXVlcnkuY29tLwAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAPAAAADQAAAAUAAAAIX19jZmR1aWQAAAAHAAAAAQAAAA8AAAANAAAABAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    8704

  • maxdns

    255

  • pipe_name

    \\%s\pipe\mojo.5688.8052.183894939787088877%x

  • polling_time

    50000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\svchost.exe -k netsvcs

  • sc_process64

    %windir%\sysnative\svchost.exe -k netsvcs

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl+n7138O5QbANU/ut1XinHYvI4NIoozvIWVMqdukbMHv878F8JoDvSUQVZ/HuQBMhFK0lRUPM7Ov2SEK+W4AuB4i07kNue6H2Q1u/aacprdLqKAxSEzOND4xlXqJCWI8koTY9V5t3Pv1AmRAHvQ3+L4KndF44vbxxMEZSLubPiwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.234810624e+09

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.3.2.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

  • watermark

    1772788715

Signatures

Files

  • 8c4d2b714eb8448e1156fb6781e942af_JaffaCakes118