General

  • Target

    5462b4250f47244a4f3ca8eeea84af1a6912f2c2e8af6475805bfd536b71c4f8

  • Size

    5.3MB

  • Sample

    240726-dhcl6asdpj

  • MD5

    14f761f4456cfa0134a00c46034aea6a

  • SHA1

    5ac7437634666e7d39091f412feda9042dcb1eb6

  • SHA256

    5462b4250f47244a4f3ca8eeea84af1a6912f2c2e8af6475805bfd536b71c4f8

  • SHA512

    04efdf17d1ab4d95749e00fdd5c82d606ead1214159381d2dadadaf9d377837f1bd00e19f4201f96aedc735be7d1147a450e0d5a33a65195359726a30f530a3b

  • SSDEEP

    49152:4g+DvhbWZIEDrb/TBvO90d7HjmAFd4A64nsfJmEB5540jbBriyG4Z2a0DXwfuoL:8bWZ6pGdApE2ZHH

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://223.111.24.112:443/jquery-3.4.8.min.js

http://180.213.251.231:443/jquery-3.4.8.min.js

http://111.170.24.227:443/jquery-3.4.8.min.js

http://124.225.167.216:443/jquery-3.4.8.min.js

http://59.80.76.175:443/jquery-3.4.8.min.js

http://180.163.146.78:443/jquery-3.4.8.min.js

http://221.178.6.240:443/jquery-3.4.8.min.js

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    223.111.24.112,/jquery-3.4.8.min.js,180.213.251.231,/jquery-3.4.8.min.js,111.170.24.227,/jquery-3.4.8.min.js,124.225.167.216,/jquery-3.4.8.min.js,59.80.76.175,/jquery-3.4.8.min.js,180.163.146.78,/jquery-3.4.8.min.js,221.178.6.240,/jquery-3.4.8.min.js

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    45000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVoF7UiSn21PBsxN72WGgRpUIZ5bey5CyrdFWw3ax2ccEsCDnZxXZCYsH9kWU/ME06zPMTbynhburhCn+GErh+rwWP0f73PPErvM361rvWq4P+woIL/cznANZJ1UJmecivpw4OQPMPWs1kzPcgooC9I3kuTXidpwytIkaO7P4mTwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.234810624e+09

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.4.9.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.3

  • watermark

    100000000
