cobaltstrike | 75fa37065709e1cfeafa58b7dbafb2e89b898d7aeb1bb539e302a7dd893f8ada

General

Target

f72afa19e1e4edffe6344aa9111af81e_JaffaCakes118
Size

192KB
Sample

240926-avxw3szbpd
MD5

f72afa19e1e4edffe6344aa9111af81e
SHA1

f9cd93c485267f9e5fe444bea8736ed537bc50a6
SHA256

75fa37065709e1cfeafa58b7dbafb2e89b898d7aeb1bb539e302a7dd893f8ada
SHA512

893e38e7b6c01a0d67b3e0efad18f4efbcc635f04a719b5107f3e855c1752ffeb2df2d96f2dcd0410a0f148cec70c43b3986b4854fbbfe8196d8b15590b6fc48
SSDEEP

3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e55i/:xgn48XjSVr380A

Score

10^/10

cobaltstrike 0 discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://a0.awsstatic.com:80/__utm.gif

http://images.instagram.com:80/__utm.gif

http://media.tumblr.com:80/__utm.gif

http://cdn.zendesk.com:80/__utm.gif

Attributes

host
a0.awsstatic.com,/__utm.gif,images.instagram.com,/__utm.gif,media.tumblr.com,/__utm.gif,cdn.zendesk.com,/__utm.gif
http_header1
AAAACQAAABJ1dG1hYz1VQS0yMjAyNjA0LTIAAAAJAAAAB3V0bWNuPTEAAAAJAAAAEHV0bWNzPUlTTy04ODU5LTEAAAAJAAAAD3V0bXNyPTEyODB4MTAyNAAAAAkAAAAMdXRtc2M9MzItYml0AAAACQAAAAt1dG11bD1lbi1VUwAAAAoAAAAjSG9zdDogZDNteDl3d3Q1NGpoenAuY2xvdWRmcm9udC5uZXQAAAAHAAAAAAAAAAgAAAACAAAABl9fdXRtYQAAAAUAAAAFdXRtY2MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAAAgAAAAZVQS0yMjAAAAABAAAAAi0yAAAABQAAAAV1dG1hYwAAAAkAAAAHdXRtY249MQAAAAkAAAAQdXRtY3M9SVNPLTg4NTktMQAAAAkAAAAPdXRtc3I9MTI4MHgxMDI0AAAACQAAAAx1dG1zYz0zMi1iaXQAAAAJAAAAC3V0bXVsPWVuLVVTAAAACgAAACNIb3N0OiBkM214OXd3dDU0amh6cC5jbG91ZGZyb250Lm5ldAAAAAcAAAABAAAABAAAAAAAAAAAAA==
jitter
5120
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
500
port_number
80
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDlYFyBZVGj7WfFVJUxPVklsHLnsl4QhCMkgdnPDqfkEI8oa7DGOzXtY90swjNj6iyut8WYHU3Wlhnb0vD4z1bKHKg3E+0Pky0Ww/vPzyhfNNmo5eC94Pl1zhT0l9uG/q00aKZL8l2YoEsX06GheQE6CvJ48EhsXPci5+8NONfrwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
6.71092736e+08
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/___utm.gif
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)
watermark
0

Targets

- Target
  
  f72afa19e1e4edffe6344aa9111af81e_JaffaCakes118
- Size
  
  192KB
- MD5
  
  f72afa19e1e4edffe6344aa9111af81e
- SHA1
  
  f9cd93c485267f9e5fe444bea8736ed537bc50a6
- SHA256
  
  75fa37065709e1cfeafa58b7dbafb2e89b898d7aeb1bb539e302a7dd893f8ada
- SHA512
  
  893e38e7b6c01a0d67b3e0efad18f4efbcc635f04a719b5107f3e855c1752ffeb2df2d96f2dcd0410a0f148cec70c43b3986b4854fbbfe8196d8b15590b6fc48
- SSDEEP
  
  3072:xqkkr3Owrt4DtSOnmS0yolSVtlL780kUY15e55i/:xgn48XjSVr380A
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2