General

  • Target

    JaffaCakes118_a0a001e005239910726efdff46be78a9c2c915a5e744dac8f1ac24c700a986c1

  • Size

    1.5MB

  • Sample

    241222-myh9bavpcx

  • MD5

    99721d313b264dbc29f900164ac5c737

  • SHA1

    51d010edafaa105f8c65fb500e65fe01f219efdd

  • SHA256

    a0a001e005239910726efdff46be78a9c2c915a5e744dac8f1ac24c700a986c1

  • SHA512

    6721e5089e16ce86b29097daa1eab1fa26e9ffe48eb72ec4f3427c4c7101bd6d92e42a78fc6bc4391902d324d72d201c11cfba74320de3078d31ae3850619303

  • SSDEEP

    24576:rNFIsSfvrZbhEoMcgLqEtyFGyu+ZbhEoIZbhEo0jETf+NFTH9S4gsO:5FIvfvrPMcgLq8Jyu+PIPg8f+NFhO

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://217.12.218.46:80/ZJDt

http://1nevadasports.com:443/F5tm

http://njerseysports.com:443/jquery-3.3.1.slim.min.js

http://185.14.28.232:80/jquery-3.3.1.slim.min.js

Attributes
  • headers User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Extracted

Family

cobaltstrike

C2

http://njerseysports.com:443/jquery-3.3.2.slim.min.js

http://185.14.28.232:80/jquery-3.3.2.slim.min.js

http://217.12.218.46:80/zJWB

http://1nevadasports.com:443/dP9p

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://code.jquery.com/
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
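The two extracted configs above share infrastructure (217.12.218.46, 185.14.28.232, 1nevadasports.com, njerseysports.com) but differ in URI, User-Agent and Referer, and the Cobalt Strike config has the shape of the widely circulated jQuery Malleable C2 profile (jQuery-themed paths, a code.jquery.com Referer, an IE11 User-Agent). The following is an added example, not part of the sandbox report, showing how to turn these indicators into a proxy-log check that matches on host:port+path, on the exact User-Agent strings, and on the profile shape (Referer plus /jquery- path) so a hit survives the operator rotating hosts. The log format and every log line are constructed for the demo; note the extractor writes http:// even for port 443, so the scheme is deliberately ignored.

```python
"""Added example: match the extracted Metasploit / Cobalt Strike C2
indicators against web-proxy log lines. The log format and log lines
are constructed for this demo; only the indicator values come from the
extracted configs."""
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the two extracted configs.
C2_URLS = {
    "metasploit": [
        "http://217.12.218.46:80/ZJDt",
        "http://1nevadasports.com:443/F5tm",
        "http://njerseysports.com:443/jquery-3.3.1.slim.min.js",
        "http://185.14.28.232:80/jquery-3.3.1.slim.min.js",
    ],
    "cobaltstrike": [
        "http://njerseysports.com:443/jquery-3.3.2.slim.min.js",
        "http://185.14.28.232:80/jquery-3.3.2.slim.min.js",
        "http://217.12.218.46:80/zJWB",
        "http://1nevadasports.com:443/dP9p",
    ],
}
USER_AGENTS = {
    "metasploit": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "cobaltstrike": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
}
CS_REFERER = "http://code.jquery.com/"


def indicator_table(urls=C2_URLS):
    """Map (host, port, path) -> family. The scheme is dropped on purpose:
    the extractor emits http:// for the :443 listeners as well."""
    table = {}
    for family, url_list in urls.items():
        for url in url_list:
            p = urlparse(url)
            table[(p.hostname.lower(), p.port, p.path)] = family
    return table


# Constructed log format (hypothetical, Squid-like):
#   <ts> <client> <method> <host>:<port> <path> <referer|-> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) '
    r'(?P<host>[^:\s]+):(?P<port>\d+) (?P<path>\S+) (?P<referer>\S+) '
    r'"(?P<ua>[^"]*)"$'
)


def classify(line, table):
    """Return the list of indicator labels a log line triggers, or None.
    Three independent checks: exact C2 URI, exact User-Agent, and the
    jQuery-profile shape (code.jquery.com Referer + /jquery- path)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    family = table.get((m["host"].lower(), int(m["port"]), m["path"]))
    if family:
        hits.append(f"{family}:c2_uri")
    for fam, ua in USER_AGENTS.items():
        if m["ua"] == ua:
            hits.append(f"{fam}:user_agent")
    if m["referer"] == CS_REFERER and m["path"].startswith("/jquery-"):
        hits.append("cobaltstrike:jquery_profile")
    return hits or None


# Constructed sample traffic: two beacons to listed C2s, one legitimate
# jQuery CDN fetch (same path, different host, browser UA), and one
# beacon to a host not in the config but using the same profile.
SAMPLE_LOG = [
    '2024-12-22T10:01:03Z 10.0.0.15 GET 185.14.28.232:80 /jquery-3.3.1.slim.min.js - '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '2024-12-22T10:01:09Z 10.0.0.15 GET njerseysports.com:443 /jquery-3.3.2.slim.min.js '
    'http://code.jquery.com/ "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"',
    '2024-12-22T10:02:41Z 10.0.0.22 GET code.jquery.com:443 /jquery-3.3.1.slim.min.js '
    'https://example.org/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '2024-12-22T10:03:15Z 10.0.0.31 GET cdn-example.invalid:443 /jquery-3.3.2.slim.min.js '
    'http://code.jquery.com/ "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"',
]


def scan(lines, table=None):
    """Return [(client, hits)] for every line that triggers an indicator."""
    table = table or indicator_table()
    results = []
    for line in lines:
        hits = classify(line, table)
        if hits:
            results.append((line.split()[1], hits))
    return results


if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, ", ".join(hits))
```

The third sample line shows why the path alone is not an indicator: the real jQuery CDN serves the same file name, so only the combination with the extracted hosts, the IE11 User-Agent strings, or the Referer-plus-path shape should alert. The fourth line shows the profile-shape check firing on a host the config never listed.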

Targets

    • Target

      TS-425B.exe

    • Size

      274KB

    • MD5

      75d2d8b4bf4123d1811ebf58b032d7bb

    • SHA1

      c108e20904de7e385ebf90d8fd937429d643beb6

    • SHA256

      1e4b8f55a2064f0a234ef71e5f832d5125537baa187dff645a9b60a5f67fda33

    • SHA512

      650e69fa3b940904eec179f5b6eee5260d83205fa26125dff5d31897eea3676bfd287fe167d060a00f57b08203bdc8d950aa2415217210072e27c5b62d2286d0

    • SSDEEP

      6144:HiKwlJzJ60KLugsCaqvwlAGNWZcHrKelG2beAOmOl3lujj:fLugsCaqI1NWZca2qEOZlujj

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Target

      TS-696C.exe

    • Size

      337KB

    • MD5

      9b164c97f44eca962f069fa371944a05

    • SHA1

      c0a66eec7cb5442894728c52bcfa97f1cd4e6e95

    • SHA256

      3f104bb1d61e7a87f56cffb4282d6f34c761a2f8efd28b75108e28759e27dd16

    • SHA512

      9f7a4932a185b304ef9384643825231932b93fa08d874e103ba50425ece19beb4e6fd3dd09c54dbcec4a7e9372eeda7193a54e20d5b41952f709db3741b19e01

    • SSDEEP

      6144:JnQSf+0fSyWagx+BHxtBzZ2l/Ku5rVHrYYPoPTAbrAx:VQyTVIx8Nk5rVHxoPvx

    • Target

      TS-A6B.exe

    • Size

      336KB

    • MD5

      1be064b555a27313735addb9ee122c61

    • SHA1

      ec929affcde71e1c9fd6a4623b1a11324182c1b9

    • SHA256

      f7dc19cd548accd993e77cd68cbb10e9d0734bcae29baf3453499c7ab84dbb5f

    • SHA512

      9946c6a4cf231e6dcb4d65838e78ee993267989c2d59d529aba7e8c7494106e5570ea5f518ca85fc6616baed57ed6e5f2925c3aab205425a4c0774a3828fc74e

    • SSDEEP

      6144:wLkMClj3IwsQZYayva/lOM4IvnitHsDc8rCaIo5I0ay:rjfZRtOTtHsDOtoyDy

    • Target

      TS-A901.exe

    • Size

      337KB

    • MD5

      3050de289706d4fefe60f97909138e6d

    • SHA1

      5fb4a5b76c31b8f07f010d0f4a77364c249c09cf

    • SHA256

      ea88766a215f1d80a2aa5a32cad7fde54150983b45cb42b4c5f097204dc48419

    • SHA512

      8545c8c524c9ee9cdf5a34ee261a997c9100b542845c3f3fec6d1b29d5d6547850f49cfd8b2f42c305f843b9f39a0b2414f340e55ae8d3430c5285799f1ba3ab

    • SSDEEP

      6144:rGdpDpUU6q7riwB6wiEngpakEPBBYPofuVy:ajz7VdmakEPGofay

    • Target

      TS-AA9D.exe

    • Size

      273KB

    • MD5

      7610bc133d34450533d038644676931b

    • SHA1

      38946a521ecbc8822977e5740b05d171b63bdaf6

    • SHA256

      9db2b5ffd30a31e024b8865b13dfaa321d6ae0dd8b39a48bc143738de4cd8c4d

    • SHA512

      c6836781750fadd56edbb1371ee11920491ac7f58953d2cc932b35809c693197b67c9e801eeaec9fce8783c7a144124b4f8eb1fa1b5c870ababfb8a4d92fe15b

    • SSDEEP

      6144:YpTVj5Cs65Vju4sPWBZdOHWpg+ByXYnILTLGeAO+BcJu9kI:KfChju4sPWnUHWpgGILTLrcBuu9b

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Target

      TS-B71A.exe

    • Size

      336KB

    • MD5

      1be064b555a27313735addb9ee122c61

    • SHA1

      ec929affcde71e1c9fd6a4623b1a11324182c1b9

    • SHA256

      f7dc19cd548accd993e77cd68cbb10e9d0734bcae29baf3453499c7ab84dbb5f

    • SHA512

      9946c6a4cf231e6dcb4d65838e78ee993267989c2d59d529aba7e8c7494106e5570ea5f518ca85fc6616baed57ed6e5f2925c3aab205425a4c0774a3828fc74e

    • SSDEEP

      6144:wLkMClj3IwsQZYayva/lOM4IvnitHsDc8rCaIo5I0ay:rjfZRtOTtHsDOtoyDy

    • Target

      TS-C643.exe

    • Size

      336KB

    • MD5

      1be064b555a27313735addb9ee122c61

    • SHA1

      ec929affcde71e1c9fd6a4623b1a11324182c1b9

    • SHA256

      f7dc19cd548accd993e77cd68cbb10e9d0734bcae29baf3453499c7ab84dbb5f

    • SHA512

      9946c6a4cf231e6dcb4d65838e78ee993267989c2d59d529aba7e8c7494106e5570ea5f518ca85fc6616baed57ed6e5f2925c3aab205425a4c0774a3828fc74e

    • SSDEEP

      6144:wLkMClj3IwsQZYayva/lOM4IvnitHsDc8rCaIo5I0ay:rjfZRtOTtHsDOtoyDy

    • Target

      TS-CB61.exe

    • Size

      275KB

    • MD5

      74b457e0ed2252df87678c69907a8a24

    • SHA1

      5323e4bfbfab456fe5d1b87b087df70878ade12b

    • SHA256

      6220127ada00d84b58d718152748cd2c62007b1de92201701dc2968d2b00e31f

    • SHA512

      f8af47d90bbc5e2323044def8d9c7475d148632a1c5a8f0696eeca6f345ba1ec115bc812801a5ca900914ab035763b24f202b5739b72507a725c001dabbd6643

    • SSDEEP

      6144:K1BpxRvBVO1bDuuVDUV7FNPxpt2PV4p4Ggg2R1eAOb14fRjmPx0:K7hADuuVDUBvxpAPVm2Rkt1DPx0

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Target

      TS-D2E2.exe

    • Size

      274KB

    • MD5

      2216c09db9c52a9f617121572a2a8401

    • SHA1

      c2d95ac92970dbe747b5c856dcb8dade67d1fc48

    • SHA256

      5752371ce5738295be58ca571652bc07d8215d0029193c08dc1a83ee9402068c

    • SHA512

      5c1d08620113fc1fb6ae7185a11e993e004a7a2af6d2af5671f3f8931df59d8f0591898bb7e7bd78b2d6123c42b2a13fa671f5c821c07a1a74da4ee02f42b0c6

    • SSDEEP

      6144:2ax3gjfE0BjgLugseHgCFAGIjvK0ypeFo2LeAOZl7Q6uuj:0MLugseH/VIjvKZ2arDuuj

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Target

      TS-E92C.exe

    • Size

      337KB

    • MD5

      daa50ef7e548ff92637261e456b028a5

    • SHA1

      adcae602f41bc9054ce5b720a37268548e87e787

    • SHA256

      8e55507b2e241da58b923ffda79e0bd2451df455b5154e93d65dfabbf9683393

    • SHA512

      6d136d705211605314c338dd80da1364410212145a485f810af8071a31e13288a595f3f1254be9caaf97cc83a9bd7852696c703a73d9d66b104d351d084a9dab

    • SSDEEP

      6144:+DHoJ0n4XCWMId9ccIui7aLrXBapUdhho+Z1O/N+kB:WUNCAcvgrXBapUhorV+kB

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

metasploit backdoor discovery trojan
Score
10/10

behavioral2

metasploit backdoor discovery trojan
Score
10/10

behavioral3

cobaltstrike backdoor trojan
Score
10/10

behavioral4

cobaltstrike backdoor trojan
Score
10/10

behavioral5

cobaltstrike backdoor trojan
Score
10/10

behavioral6

cobaltstrike backdoor trojan
Score
10/10

behavioral7

cobaltstrike backdoor trojan
Score
10/10

behavioral8

cobaltstrike backdoor trojan
Score
10/10

behavioral9

metasploit backdoor trojan
Score
10/10

behavioral10

metasploit backdoor discovery trojan
Score
10/10

behavioral11

Score
1/10

behavioral12

cobaltstrike backdoor trojan
Score
10/10

behavioral13

cobaltstrike backdoor trojan
Score
10/10

behavioral14

cobaltstrike backdoor trojan
Score
10/10

behavioral15

metasploit backdoor trojan
Score
10/10

behavioral16

metasploit backdoor discovery trojan
Score
10/10

behavioral17

Score
1/10

behavioral18

metasploit backdoor discovery trojan
Score
10/10

behavioral19

Score
1/10

behavioral20

cobaltstrike backdoor trojan
Score
10/10