cobaltstrike | 4e8eb7f568eb85fa2273f6c384ef9dee6177a2d94d5de8b506376bd45d128887 | Triage

Sharing

General

Target

e2b633b6bdeb0d00712cc79dba39db1b_JaffaCakes118
Size

206KB
Sample

240915-rykjlayfml
MD5

e2b633b6bdeb0d00712cc79dba39db1b
SHA1

c33cd8157ea5f4fa0c465b6f454da48c7c0a40a9
SHA256

4e8eb7f568eb85fa2273f6c384ef9dee6177a2d94d5de8b506376bd45d128887
SHA512

50c2d6b0893d6a43b9a6516155972ffd58597eccf46119e1a9cbcbebc2ff9c31bdc6b38863cceabf5871af63a86a580f2623ad3b0b736fd7c0e10d495f8786d8
SSDEEP

3072:nryYXMJJciFoSYMoXYQlwfv/gF8jua3PX4Ns5drwolUtvDL57uN:lXkiq4wfv4Kjnv+srwoKDq

Score

10^/10

cobaltstrike 0 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://103.224.81.80:53/dpixel

Attributes

access_type
512
crypto_scheme
256
host
103.224.81.80,/dpixel
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
60000
port_number
53
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMOV1vbx7GA/iEWlGLsLIPkm/iKASiEsbF+QKunuk8toqc0pKeeP0YOChgMiMI7NtcxpduAZYO3zhFWjW3NDSkBki3klTAZHLEoFSoEPQZgFEvNBJ7+2v8nPCCsRQiCkO1ZJX9GmvO/vHF0OKaidgRQDL0Iwnuf3QJe5u3EldNswIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)
watermark
0

Targets

- Target
  
  e2b633b6bdeb0d00712cc79dba39db1b_JaffaCakes118
- Size
  
  206KB
- MD5
  
  e2b633b6bdeb0d00712cc79dba39db1b
- SHA1
  
  c33cd8157ea5f4fa0c465b6f454da48c7c0a40a9
- SHA256
  
  4e8eb7f568eb85fa2273f6c384ef9dee6177a2d94d5de8b506376bd45d128887
- SHA512
  
  50c2d6b0893d6a43b9a6516155972ffd58597eccf46119e1a9cbcbebc2ff9c31bdc6b38863cceabf5871af63a86a580f2623ad3b0b736fd7c0e10d495f8786d8
- SSDEEP
  
  3072:nryYXMJJciFoSYMoXYQlwfv/gF8jua3PX4Ns5drwolUtvDL57uN:lXkiq4wfv4Kjnv+srwoKDq
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2