Overview

overview

10

Static

static

3

e347f2b2c5...18.exe

windows7-x64

10

e347f2b2c5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e347f2b2c5e6bf4108cc10375e14f1c7_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240915-ymnv7s1cjm

  • MD5

    e347f2b2c5e6bf4108cc10375e14f1c7

  • SHA1

    0d369f40f86c7cbde894e5a75de5e728d113a4bf

  • SHA256

    e2ec3010ae5ebdfbce98411cd7bc7d4cf4da036d8434e1c711df7e5874038e94

  • SHA512

    97b4fef45618c05b12d187627b4b56b3c363aa24ee2e5cfa5982ef754323247c8c4ad2486f656005f5070232119dea6fd11b2eb4a200365bba93c668ed8c2dca

  • SSDEEP

    49152:w1PzWo0ZHhwAeziWfzpdn1l9VKMwemY6kPPfVxyP:wFz2qsizpdGzemY6kXfY

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://120.78.77.172:443/ajax/libs/jquery/3.5.1/jquery.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.5 Referer: https://www.tencent.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:68.0) Gecko/20100101 Firefox/68.0

Targets

    • Target

      e347f2b2c5e6bf4108cc10375e14f1c7_JaffaCakes118

    • Size

      2.0MB

    • MD5

      e347f2b2c5e6bf4108cc10375e14f1c7

    • SHA1

      0d369f40f86c7cbde894e5a75de5e728d113a4bf

    • SHA256

      e2ec3010ae5ebdfbce98411cd7bc7d4cf4da036d8434e1c711df7e5874038e94

    • SHA512

      97b4fef45618c05b12d187627b4b56b3c363aa24ee2e5cfa5982ef754323247c8c4ad2486f656005f5070232119dea6fd11b2eb4a200365bba93c668ed8c2dca

    • SSDEEP

      49152:w1PzWo0ZHhwAeziWfzpdn1l9VKMwemY6kPPfVxyP:wFz2qsizpdGzemY6kXfY

    Score
    10/10
    cobaltstrikebackdoortrojan

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

      trojanbackdoorcobaltstrike

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks