General

  • Target

    bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32

  • Size

    765KB

  • Sample

    241119-l64pjstpcw

  • MD5

    08aea81e56fa4b3d0757f9d21248b526

  • SHA1

    1cbb5c2f8a65f6d5f756d6c4001d5a4cc6d6f87a

  • SHA256

    bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32

  • SHA512

    e23e1305c9d594a224356cfefb04740d90b400b9423719407b9c8fb7237a47255cd53f763521bb1aeea7ebc877edbda32edc0c73304444a1cedcb777961d9fbc

  • SSDEEP

    6144:KuFYv7Xuf6U0LR7Pf4ZjohLlmZnOiKKU05wieqFp/PTHwrDu0IViLpsKlpDe9lv:KMYvzrr9PCo1+nO5V02zf1sKz2Zz

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    2415919104

  • C2

    http://122.246.6.14:443/jquery-3.3.1.min.js
    http://106.117.252.149:443/jquery-3.3.1.min.js
    http://125.74.17.26:443/jquery-3.3.1.min.js
    http://220.194.224.143:443/jquery-3.3.1.min.js
    http://36.159.114.145:443/jquery-3.3.1.min.js
    http://110.52.193.33:443/jquery-3.3.1.min.js

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    122.246.6.14,/jquery-3.3.1.min.js,106.117.252.149,/jquery-3.3.1.min.js,125.74.17.26,/jquery-3.3.1.min.js,220.194.224.143,/jquery-3.3.1.min.js,36.159.114.145,/jquery-3.3.1.min.js,110.52.193.33,/jquery-3.3.1.min.js

  • http_header1


  • http_header2


  • http_method1

    GET

  • http_method2

    POST

  • jitter

    9472

  • polling_time

    48000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq3oh7Yrnkxi+Rn9MVyF+Aw2qQfmN9XOSTZVuQZ1eDEO2NBVms1EFnMFnoIfKwSPc+Aqwjmzdz4oX22AIkfyFx1zNG4+Uj07SsubKu7JF6LofB9xpUHwkzfj/s+y3bli2kRfvF1Tr/Y7qV2O7GUtb+3h07Gi3uQHJCKakANFYBkwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4.234810624e+09

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.3.2.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0

  • watermark

    2415919104

MITRE ATT&CK Matrix

Tasks