cobaltstrike | 70316dcf46db940c6f694bded9940a39630fde002b939c4fb078d7cc95e9343f | Triage

Sharing

General

Target

ebeec1f98243ad146051085d3460475f_JaffaCakes118
Size

192KB
Sample

240919-wzzr5ashmg
MD5

ebeec1f98243ad146051085d3460475f
SHA1

9280badf5dc5de421aeae91c3cfa589b3f1f0421
SHA256

70316dcf46db940c6f694bded9940a39630fde002b939c4fb078d7cc95e9343f
SHA512

2cebfc8513908e3d79b0e121094437473bba7009a5d4799e71ac74bd76d61ba90c9e8409ba8bbb07d2237ee16ba88e5c9db870fc95ac324d38b3bd42b1b2edeb
SSDEEP

3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e54/:xgn48XjSVr380A

Score

10^/10

cobaltstrike 0 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://89.144.25.23:443/cx

Attributes

host
89.144.25.23,/cx
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
60000
port_number
443
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA2yBw95lhrV3gqZHGF1t5C95ZlRXaN2vzSrjoeH2TPkmGr5x4KWNQNWCFZuyWpVrSX01ZM2s3CJTRbEVM6ui4s3XsLfyuadTeycSR+rqW+iglv0T2tnWoPIWipIPOwmqejqoDKcoa5MYgxLfrsDnZYFRPzVyc35nvocAAEBLW4wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)
watermark
0

Targets

- Target
  
  ebeec1f98243ad146051085d3460475f_JaffaCakes118
- Size
  
  192KB
- MD5
  
  ebeec1f98243ad146051085d3460475f
- SHA1
  
  9280badf5dc5de421aeae91c3cfa589b3f1f0421
- SHA256
  
  70316dcf46db940c6f694bded9940a39630fde002b939c4fb078d7cc95e9343f
- SHA512
  
  2cebfc8513908e3d79b0e121094437473bba7009a5d4799e71ac74bd76d61ba90c9e8409ba8bbb07d2237ee16ba88e5c9db870fc95ac324d38b3bd42b1b2edeb
- SSDEEP
  
  3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e54/:xgn48XjSVr380A
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2