
General

  • Target

    fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f

  • Size

    904KB

  • Sample

    221031-ng3r3aagf2

  • MD5

    4bfad4cb9222e22214d002be79a0df7e

  • SHA1

    44533522afbaf6b66a354e8b9f846117760e1320

  • SHA256

    fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f

  • SHA512

    725d8333c266a587cb2be983bc8c7957232049f76668c9e937a97952f09ec8b76f069ffabc6ca423b94e7760d4726ae4fa33f4ed1c3a15bd243a6f1614dfa90f

  • SSDEEP

    24576:dGHCm8uPdJddrD7pIZ2GRaRkhiZ8fAivsP5+l8w:kuWzKZ2GRrKIkPw

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.220.0.89:7777/l5Si

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0 (a zero watermark is commonly seen in trial or cracked Cobalt Strike builds, so it does not tie the beacon to a licensed operator)
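The extracted config above gives three pivot points for hunting: the C2 host and port, the beacon's User-Agent, and the stager URI. Cobalt Strike picks its stager URIs so that the 8-bit checksum of the path (sum of the byte values mod 256) is 92 for x86 and 93 for x64 payloads; "l5Si" sums to 93, so this beacon was staged as x64. The following Python is an added example and not code from tria.ge or the sample: it applies those three checks to a handful of constructed proxy log lines. The log format (timestamp, client, method, URL, status, quoted User-Agent) is assumed for the illustration and is not a format the page shows.

```python
"""Hunt for the extracted Cobalt Strike config in proxy logs (added example)."""
import re
from urllib.parse import urlsplit

# Values copied from the extracted config above.
C2_URL = "http://124.220.0.89:7777/l5Si"
C2_USER_AGENT = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; "
                 "Trident/4.0; SLCC2; .NET CLR 2.0.50727)")

# Cobalt Strike stager URIs are generated so that the 8-bit checksum of the
# path is 92 for an x86 stager and 93 for an x64 stager.
STAGER_CHECKSUMS = {92: "x86", 93: "x64"}

# Constructed log format for this example (not a format from the page):
#   <timestamp> <client> <method> <url> <status> "<user-agent>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic: one beacon stage request, one other request to
# the C2 host with a different UA, and one unrelated benign request.
SAMPLE_LOG = [
    '2022-10-31T14:02:11Z 10.0.0.15 GET http://124.220.0.89:7777/l5Si 200 '
    '"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; '
    'SLCC2; .NET CLR 2.0.50727)"',
    '2022-10-31T14:02:40Z 10.0.0.15 POST http://124.220.0.89:7777/submit.php?id=1234 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '2022-10-31T14:03:02Z 10.0.0.22 GET http://example.com/index.html 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
]


def checksum8(path: str) -> int:
    """8-bit checksum over the URI path with the leading '/' removed."""
    return sum(path.lstrip("/").encode()) % 256


def stager_arch(url: str):
    """Return 'x86' or 'x64' if the URL path matches a stager checksum, else None."""
    return STAGER_CHECKSUMS.get(checksum8(urlsplit(url).path))


def triage(lines):
    """Score each log line against the extracted config; return only the hits.

    Each hit records the client, the URL and the list of reasons it matched,
    in the order: C2 host, C2 User-Agent, stager URI checksum.
    """
    c2_netloc = urlsplit(C2_URL).netloc  # "124.220.0.89:7777"
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line does not fit the constructed format; skip it
        url, ua = m["url"], m["ua"]
        reasons = []
        if urlsplit(url).netloc == c2_netloc:
            reasons.append("c2_host")
        if ua == C2_USER_AGENT:
            reasons.append("c2_user_agent")
        arch = stager_arch(url)
        if arch:
            reasons.append(f"stager_uri_{arch}")
        if reasons:
            hits.append({"src": m["src"], "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["src"], hit["url"], ",".join(hit["reasons"]))
```

The host match is the strongest indicator; the User-Agent is a genuine Internet Explorer 8 string that Cobalt Strike borrows, so on its own it only narrows a hunt, and the checksum8 test fires on roughly one in 128 random short paths, so use it to rank candidates rather than to alert by itself.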

Targets

    • Target

      fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f

    • Size

      904KB

    • MD5

      4bfad4cb9222e22214d002be79a0df7e

    • SHA1

      44533522afbaf6b66a354e8b9f846117760e1320

    • SHA256

      fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f

    • SHA512

      725d8333c266a587cb2be983bc8c7957232049f76668c9e937a97952f09ec8b76f069ffabc6ca423b94e7760d4726ae4fa33f4ed1c3a15bd243a6f1614dfa90f

    • SSDEEP

      24576:dGHCm8uPdJddrD7pIZ2GRaRkhiZ8fAivsP5+l8w:kuWzKZ2GRrKIkPw

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • joker

      Joker is an Android malware that targets billing and SMS fraud. This sample is a Windows executable (it executes a dropped EXE and loads a dropped DLL) whose extracted config identifies it as Cobalt Strike, so an Android-family signature here is most likely a false positive from a generic rule rather than a second family.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks