Overview

overview

10

Static

static

10

edd273e86b...18.dll

windows7-x64

1

edd273e86b...18.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edd273e86ba53a797198481865bd143a_JaffaCakes118

  • Size

    255KB

  • Sample

    240920-r57byasaje

  • MD5

    edd273e86ba53a797198481865bd143a

  • SHA1

    9242fb08037c4432f71ff6cd274d70b1219edacc

  • SHA256

    19b0cfc57bbe8e349d176de93f4fec2b6368334423413c060c0a7c8f3591f35b

  • SHA512

    d1d3e6cf75669cb941c5422a08994674d31667c269abbfd2502ff9daac2b0827ebb57d621ebf0880fac26ae01a920c059bea5d8f0fcfe9ee570f0aacc550b8fe

  • SSDEEP

    3072:mGRTrUD4P5/gm1Hw4CKk3wDBRASJfgjHyfTun8gf7o66d9TdpXDIYJN4RdCvu7Ke:mGRTUm1aAfb1T6xj36rbTI4L

Score
10/10
cobaltstrike0

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://49.233.137.7:3321/ca

Attributes
  • access_type

    512

  • crypto_scheme

    256

  • host

    49.233.137.7,/ca

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    60000

  • port_number

    3321

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBEl/agsSFWVIoRsvSWTzRTsp19elJr41/d5/EU/WKDZerGzp1goWFdbcxYinEEcTSwvmOo6N7zDl99xdytIZhySbqkJtIyXNT/KT50OI5oyCypAWCgYq4D0z/53Rd2h0G+02uDeznORS98XT1pf68LQdRc3NJ/fVr85gA3kKxtwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)

  • watermark

    0

Targets

    • Target

      edd273e86ba53a797198481865bd143a_JaffaCakes118

    • Size

      255KB

    • MD5

      edd273e86ba53a797198481865bd143a

    • SHA1

      9242fb08037c4432f71ff6cd274d70b1219edacc

    • SHA256

      19b0cfc57bbe8e349d176de93f4fec2b6368334423413c060c0a7c8f3591f35b

    • SHA512

      d1d3e6cf75669cb941c5422a08994674d31667c269abbfd2502ff9daac2b0827ebb57d621ebf0880fac26ae01a920c059bea5d8f0fcfe9ee570f0aacc550b8fe

    • SSDEEP

      3072:mGRTrUD4P5/gm1Hw4CKk3wDBRASJfgjHyfTun8gf7o66d9TdpXDIYJN4RdCvu7Ke:mGRTUm1aAfb1T6xj36rbTI4L

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks