General
-
Target
2533b09300b21583d86192548e8282da_JaffaCakes118
-
Size
221KB
-
MD5
2533b09300b21583d86192548e8282da
-
SHA1
efb3112994506cafd748154479bb11b502c84a9f
-
SHA256
ee7932f9d6ace3828b43c63e727497e014931c1c2cb3c21f90065e4098e9e4c1
-
SHA512
b9a958e525c838bf2633e09b39d3fe6ca074eca294e240df0843160a8d0be182c35ffcf62dceb9f81d6c132d236b832e25b431da52166d50bdd51ea60ce134d1
-
SSDEEP
3072:VPdi+x1PzNtFAQaHrWsjiwz8yHAK5cngVYN/o35PPpwy/+0hcn0GcPJOKAYZYSI/:9dJVtFAHrui9HAznUYupPPaWXxOy63
Malware Config
Extracted
cobaltstrike
2113494451
http://www.bankrate.com:443/Collector/2.0/settings/
-
access_type
512
-
beacon_type
2048
-
host
www.bankrate.com,/Collector/2.0/settings/
-
http_header1
AAAACgAAAAxBY2NlcHQ6IGpzb24AAAAQAAAAL0hvc3Q6IGFxdWF5b2dhb25saW5lLmNvbS5nbG9iYWwucHJvZC5mYXN0bHkubmV0AAAACgAAACZSZWZlcmVyOiBodHRwczovL3RlYW1zLm1pY3Jvc29mdC5jb20vXwAAAAoAAAA1eC1tcy1zZXNzaW9uLWlkOiBmNzNjMzE4Ni0wNTdhLWQ5OTYtM2I2My1iNmU1ZGU2ZWYyMGMAAAAKAAAAGXgtbXMtY2xpZW50LXR5cGU6IGRlc2t0b3AAAAAKAAAAKHgtbXgtY2xpZW50LXZlcnNpb246IDI3LzEuMC4wLjIwMjEwMjA0MTAAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAKAAAAI09yaWdpbjogaHR0cHM6Ly90ZWFtcy5taWNyb3NvZnQuY29tAAAACQAAAAhxc3A9dHJ1ZQAAAAkAAAARY2xpZW50LWlkPU5PX0FVVEgAAAAJAAAAHXNkay12ZXJzaW9uPUFDVC1XZWItSlMtMi41LjAmAAAABwAAAAAAAAANAAAABQAAAAZldmVudHMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAxBY2NlcHQ6IGpzb24AAAAQAAAAL0hvc3Q6IGFxdWF5b2dhb25saW5lLmNvbS5nbG9iYWwucHJvZC5mYXN0bHkubmV0AAAACgAAACZSZWZlcmVyOiBodHRwczovL3RlYW1zLm1pY3Jvc29mdC5jb20vXwAAAAoAAABFeC1tcy1xdWVyeS1wYXJhbXM6IGN1cnNvcj0xNjEzNTU0Mzg1JmVwZnM9c3J0JnNjYT01JmFjdGl2ZVRpbWVvdXQ9MTM1AAAACgAAABl4LW1zLWNsaWVudC10eXBlOiBkZXNrdG9wAAAACgAAACh4LW14LWNsaWVudC12ZXJzaW9uOiAyNy8xLjAuMC4yMDIxMDIwNDEwAAAACgAAACJBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIGJyAAAACgAAAB9PcmlnaW46IGh0dHBzOi8vdGVhbXMubWljcm9zb2Z0AAAABwAAAAEAAAADAAAAAgAAABVza3lwZXRva2VuPWV5SmhiR2NpT2kAAAAGAAAADkF1dGhlbnRpY2F0aW9uAAAABwAAAAAAAAAIAAAAAgAAABhmNzNjMzE4Ni0wNTdhLWQ5OTYtM2I2My0AAAAGAAAAD3gtbXMtc2Vzc2lvbi1pZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
GET
-
jitter
10496
-
polling_time
10000
-
port_number
443
-
sc_process32
%windir%\syswow64\logman.exe
-
sc_process64
%windir%\sysnative\logman.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnNfstn/5qmvXWQ2XI0ZGgRN476WLnejJ8ozhtm8E4w9OD5zHTkOSjiuQBovCrDjrv6Fyixj/wHne3i35QEVW2scJ+9AV8rtE0xX+Gd2fPaTtMNel995XMgy0DOOUAaCitcnRSHk0QKd5TEdrJ9s93jMgOgt6P30nVV6OQydtBywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.952798208e+09
-
unknown2
AAAABAAAAAEAAAAuAAAAAgAAAIIAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1.610612736e+09
-
uri
/users/8:orgid:b1a28-a1c3-3d54-4eb01adb1/endpoints/events/poll
-
user_agent
Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.10827; Pro)
-
watermark
2113494451
Signatures
-
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2533b09300b21583d86192548e8282da_JaffaCakes118
829da329ce140d873b4a8bde2cbfaa7e
Headers
Imports
Sections