General

  • Target

    a153ecdb18244d0a8ce17ae890030a3b_JaffaCakes118

  • Size

    204KB

  • MD5

    a153ecdb18244d0a8ce17ae890030a3b

  • SHA1

    a806d66be1ec83bc5f8567a20a3914d01b73bb00

  • SHA256

    68dabb04e1d4cb3e3572d70af7ecf69256c74acd41393208fda87eb594daa243

  • SHA512

    8c8728fa8f04105e123a7df8e65bbcb80bc8c9ef24e70180a6f7b6920e9fe8eb0f6f07dfab6c7705efdc018b8322aa544debce1b13c699b8d924b7e827dbc793

  • SSDEEP

    6144:H6y2JxLk5s+PYatuEKqvLm3ApinYYNKhs:HJ2JxLWDTw6LSuinf9

Score
10/10

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://45.66.250.14:80/IE9CompatViewList.xml

Attributes

  • access_type

    512

  • host

    45.66.250.14,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpdwn4db5jKDymAcEMME4f1aFBVV32PUhXOR0hAJmIzg/sOIknZNI+faJuV1Epub29n/mxnLALxKlCQr8AtC1aGkOajMO1MXcAMbJ0Jl/OgxaYlotJQMoi7v4bsvcw95glHW7kwORzI+RGGvfhqEidyjWrRRl/UIHYX4LX5p3JrQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)

  • watermark

    305419896

Signatures

Files

  • a153ecdb18244d0a8ce17ae890030a3b_JaffaCakes118