General

  • Target

    Rech.zip

  • Size

    694KB

  • Sample

    230308-kg29raeh72

  • MD5

    41604c65d3c3b92aec7cbba4deae8df6

  • SHA1

    398182536295e559181918105580bc44ec654c49

  • SHA256

    09389a18b5464aa25c4029351e5fbf22e4dfff309cc08cc6f4b6d5d08a341bc2

  • SHA512

    12d3ca90951a0a266ab768b61831d51fa2fa1e1e6ef00a36ab312742c5239699f9c44ac58b5a3a8d094f14cdd4d0076d0bd3a2558e1ae563a1475a0de582b87e

  • SSDEEP

    6144:zJNbwmfcuHom8Hz2f//ywiWT8xVTI5wqe:nbPHom8TYyCT8x5I5w1

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

eck1.plain
ecs1.plain

Targets

    • Target

      Rech.doc

    • Size

      544.3MB

    • MD5

      03a4b5b411f8705e8f20b3e994bae110

    • SHA1

      778e6b3a2fc573ce19c7a7224f4bd4b304c55472

    • SHA256

      de8081cfbb09b591530ae0d10a274e5c308e076f79512323b5c2d5dc590c4498

    • SHA512

      1f1c4abfa9ac5e07f392e5c57c282730210fc6adb5f3960e37fc8e2bbaa92d731086dade7d8bf4e33de7c8d4c1800b3a1a1dc4e5a6b461dd581bac0093c15b25

    • SSDEEP

      6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks