General

  • Target

    11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba

  • Size

    281KB

  • Sample

    240802-xemgqszhle

  • MD5

    fffbd5e03d4257fbe17f6a280611f2e1

  • SHA1

    d5c69a5380775a7ccf4c48460ab131f7b98f1065

  • SHA256

    11b732920b446f2f14df826882200b0008023ca16bc1af0d8470a6cb9a59bcba

  • SHA512

    be78d66960469d7279720a03df438c8452bca22c6f05f19141e143b5469cb72cd4956215949d7e55a3f8f49ffae3f7806c1ba82a023584cc897b8e6ace99f2bf

  • SSDEEP

    6144:WCJ/4fOG6mDRmEw88Zd+s0DIUnSxfog8xh8Puu0cKBdl5ZAAD0+mFu:D/4BIEwLksbkSxo1xCPuFceZaa

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

C2

http://111.230.196.116:5985/jquery-3.7.1.slim.min.js

Attributes
  • access_type

    512

  • host

    111.230.196.116,/jquery-3.7.1.slim.min.js

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    45000

  • port_number

    5985

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHnC2YfqAO9tmo6ovIRpdKFhzTe/WdshqumDorPUaFyt8suxn9vCp4oMCVIScqMfIHZwIxFn4RUrQ2bc1d1RLrHWS8vp2t51u0+LIc/36iJP+1tjfcHGKO83yZXPe7Guy8Th446y3gcX2RHDLedc5BQ695XhDloHXkRnSSo3JvwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    2.03974784e+09

  • unknown2

    AAAABAAAAAEAABfdAAAAAgAAASYAAAACAAAmGwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.7.slim.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

  • watermark

    100000000
