cobaltstrike | ba54ad675dae854e1533f16c531e758b2ff7c0dd9255f03853c043a6d07067ee | Triage

Sharing

General

Target

d8c055d9ad080081ca51d7a4e4fabc7e_JaffaCakes118
Size

202KB
Sample

240910-wlej2ayapc
MD5

d8c055d9ad080081ca51d7a4e4fabc7e
SHA1

dea48c75d926b364f8e8b10e096a6ab9f346dba2
SHA256

ba54ad675dae854e1533f16c531e758b2ff7c0dd9255f03853c043a6d07067ee
SHA512

af24eedc53bba53cf6b0ab67dd109343e89a0846937caf49776dddc6e3bd0b16a30e9661c717b51f019669e717113c6c75f5e97a64f5876fe871aa5a828deb60
SSDEEP

3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT151:PjdFKdoSxvixTxUA

Score

10^/10

cobaltstrike 0 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://45.158.32.14:443/push

Attributes

access_type
512
beacon_type
2048
create_remote_thread
768
crypto_scheme
256
host
45.158.32.14,/push
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
60000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCm1s9h0HwcitEInUprmn+sCN2ptFadvFx3jKhUStt06kHfiZi9V+N3cetXpvZF3eTtLBaspnho1/xXZx0Lln2kxKdChUXZtRN+ilvf7/kT4TLNf+6WLyzDbVxHC7uVAudpdVm1+ftFHUaJ7D6+BKGuo1rmFgle9ofgYghxkwQE5wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)
watermark
0

Targets

- Target
  
  d8c055d9ad080081ca51d7a4e4fabc7e_JaffaCakes118
- Size
  
  202KB
- MD5
  
  d8c055d9ad080081ca51d7a4e4fabc7e
- SHA1
  
  dea48c75d926b364f8e8b10e096a6ab9f346dba2
- SHA256
  
  ba54ad675dae854e1533f16c531e758b2ff7c0dd9255f03853c043a6d07067ee
- SHA512
  
  af24eedc53bba53cf6b0ab67dd109343e89a0846937caf49776dddc6e3bd0b16a30e9661c717b51f019669e717113c6c75f5e97a64f5876fe871aa5a828deb60
- SSDEEP
  
  3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT151:PjdFKdoSxvixTxUA
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2