General

  • Target

    e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1

  • Size

    176KB

  • Sample

    191210-csaawyhn5x

  • MD5

    2651c8b1ec124ecce7ff93645711f876

  • SHA1

    4014ae90ca1bfe38cfb4b5c9f3d4fa8d2e0cbf21

  • SHA256

    e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1

  • SHA512

    400e66dd41875ae154e0d879bc7e6f21c70d27816448f298b831999d904c34963db995e2734f08f90860faffa33145fe58123ef01d41ac5afdcff8c0efafc2dd

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://myphamthuydung.com/tmp/bwo/
    http://lalletera.cat/bootstrap/ilym/
    https://www.primepenguin.com/wp-admin/fefkbm/
    https://www.ukrembtr.com/wp-admin/s3OYk/
    https://shourayinfotech.xyz/wp-includes/pa1uxi/

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    2.38.99.79:80
    98.24.231.64:80
    47.156.70.145:80
    37.59.24.177:8080
    66.34.201.20:7080
    108.179.206.219:8080
    45.56.88.91:443
    206.189.112.148:8080
    120.150.246.241:80
    190.56.255.118:80
    200.71.148.138:8080
    192.241.255.77:8080
    211.63.71.72:8080
    190.53.135.159:21
    183.102.238.69:465
    108.191.2.72:80
    107.170.24.125:8080
    167.114.242.226:8080
    91.73.197.90:80
    178.209.71.63:8080

  • rsa_pubkey.plain

Targets

    • Target

      e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1

    • Size

      176KB

    • MD5

      2651c8b1ec124ecce7ff93645711f876

    • SHA1

      4014ae90ca1bfe38cfb4b5c9f3d4fa8d2e0cbf21

    • SHA256

      e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1

    • SHA512

      400e66dd41875ae154e0d879bc7e6f21c70d27816448f298b831999d904c34963db995e2734f08f90860faffa33145fe58123ef01d41ac5afdcff8c0efafc2dd

    • Score

      10/10

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails

    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks