General
-
Target
a153ecdb18244d0a8ce17ae890030a3b_JaffaCakes118
-
Size
204KB
-
MD5
a153ecdb18244d0a8ce17ae890030a3b
-
SHA1
a806d66be1ec83bc5f8567a20a3914d01b73bb00
-
SHA256
68dabb04e1d4cb3e3572d70af7ecf69256c74acd41393208fda87eb594daa243
-
SHA512
8c8728fa8f04105e123a7df8e65bbcb80bc8c9ef24e70180a6f7b6920e9fe8eb0f6f07dfab6c7705efdc018b8322aa544debce1b13c699b8d924b7e827dbc793
-
SSDEEP
6144:H6y2JxLk5s+PYatuEKqvLm3ApinYYNKhs:HJ2JxLWDTw6LSuinf9
Malware Config
Extracted
cobaltstrike
305419896 (watermark)
http://45.66.250.14:80/IE9CompatViewList.xml
-
access_type
512
-
host (C2 address and GET URI, comma-separated)
45.66.250.14,/IE9CompatViewList.xml
-
http_header1 (base64; decodes to a binary request-transform block whose only readable string is "Cookie")
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
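http_header2 (base64; decodes to a binary request-transform block containing "Content-Type: application/octet-stream" and the string "id")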
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time (beacon sleep interval, in milliseconds)
60000
-
port_number
80
-
sc_process32 (spawn-to process for 32-bit post-exploitation jobs)
%windir%\syswow64\rundll32.exe
-
sc_process64 (spawn-to process for 64-bit post-exploitation jobs)
%windir%\sysnative\rundll32.exe
-
state_machine (parser label; the value is a base64-encoded DER RSA public key followed by zero padding)
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpdwn4db5jKDymAcEMME4f1aFBVV32PUhXOR0hAJmIzg/sOIknZNI+faJuV1Epub29n/mxnLALxKlCQr8AtC1aGkOajMO1MXcAMbJ0Jl/OgxaYlotJQMoi7v4bsvcw95glHW7kwORzI+RGGvfhqEidyjWrRRl/UIHYX4LX5p3JrQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri (submit URI, used with http_method2)
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)
-
watermark
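305419896 (0x12345678; this watermark is widely reported in leaked/cracked Cobalt Strike builds, so on its own it is weak evidence for attribution)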
Signatures
-
Cobaltstrike family
Files
-
a153ecdb18244d0a8ce17ae890030a3b_JaffaCakes118