cobaltstrike | fa405c36d82b264568219b521886d2e7ef589674874983c7db1d67928003489e | Triage

Sharing

General

Target

f2f52c78d594c37b546f6c09207cb481_JaffaCakes118
Size

202KB
Sample

240923-x3l6waycqp
MD5

f2f52c78d594c37b546f6c09207cb481
SHA1

12bc1affe86327d9f78684cde46cfff4dee57149
SHA256

fa405c36d82b264568219b521886d2e7ef589674874983c7db1d67928003489e
SHA512

65a18a46c31ea25b9f6b55b56024c973b6af375e109cfafca9058c7570eb6e86ffdeb13c6fe663a8258c1146b04934cd638950aef5e9db70a31b6664392b362f
SSDEEP

3072:1jh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15m:1jdFKdoSxvixTxUA

Score

10^/10

cobaltstrike 0 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://carbon-copy-marketing.com:80/karriere/gratuit.htm

Attributes

access_type
512
create_remote_thread
768
dns_idle
1.34744072e+08
dns_sleep
6.7108864e+08
host
carbon-copy-marketing.com,/karriere/gratuit.htm
http_header1
AAAABwAAAAAAAAANAAAABQAAAAZhY2NlcHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAABwAAAAAAAAADAAAAAgAAAARsb2c9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAA0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3840
maxdns
242
pipe_name
\\%s\pipe\txrn_#
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\svchost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJrB75zUXD0CjbHRy02mArinBi5RpUVRT+RrzNMzS1LRIadBhAsTxabrmlci+ndfvnILuCmGyj//OPMEPvGLssSYVcMPfYzwhdkniAhbPwY4sZELMq6+FHBhHGEP3cnjnUsUKgjDQt56PKahJihb8UeCxHrzvEwti551ZYb4RbtQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/archieve/avisolegal.htm
user_agent
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
watermark
0

Targets

- Target
  
  f2f52c78d594c37b546f6c09207cb481_JaffaCakes118
- Size
  
  202KB
- MD5
  
  f2f52c78d594c37b546f6c09207cb481
- SHA1
  
  12bc1affe86327d9f78684cde46cfff4dee57149
- SHA256
  
  fa405c36d82b264568219b521886d2e7ef589674874983c7db1d67928003489e
- SHA512
  
  65a18a46c31ea25b9f6b55b56024c973b6af375e109cfafca9058c7570eb6e86ffdeb13c6fe663a8258c1146b04934cd638950aef5e9db70a31b6664392b362f
- SSDEEP
  
  3072:1jh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15m:1jdFKdoSxvixTxUA
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2