Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

Rech.doc

windows7-x64

10

Rech.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Rech.zip

  • Size

    694KB

  • Sample

    230308-kg29raeh72

  • MD5

    41604c65d3c3b92aec7cbba4deae8df6

  • SHA1

    398182536295e559181918105580bc44ec654c49

  • SHA256

    09389a18b5464aa25c4029351e5fbf22e4dfff309cc08cc6f4b6d5d08a341bc2

  • SHA512

    12d3ca90951a0a266ab768b61831d51fa2fa1e1e6ef00a36ab312742c5239699f9c44ac58b5a3a8d094f14cdd4d0076d0bd3a2558e1ae563a1475a0de582b87e

  • SSDEEP

    6144:zJNbwmfcuHom8Hz2f//ywiWT8xVTI5wqe:nbPHom8TYyCT8x5I5w1

Score
10/10
emotetepoch4bankermacromacro_on_actiontrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

129.232.188.93:443

164.90.222.65:443

159.65.88.10:8080

172.105.226.75:8080

115.68.227.76:8080

187.63.160.88:80

169.57.156.166:8080

185.4.135.165:8080

153.126.146.25:7080

197.242.150.244:8080

139.59.126.41:443

186.194.240.217:443

103.132.242.26:8080

206.189.28.199:8080

163.44.196.120:8080

95.217.221.146:8080

159.89.202.34:443

119.59.103.152:8080

183.111.227.137:8080

201.94.166.162:443
eck1.plain
ecs1.plain

Targets

    • Target

      Rech.doc

    • Size

      544.3MB

    • MD5

      03a4b5b411f8705e8f20b3e994bae110

    • SHA1

      778e6b3a2fc573ce19c7a7224f4bd4b304c55472

    • SHA256

      de8081cfbb09b591530ae0d10a274e5c308e076f79512323b5c2d5dc590c4498

    • SHA512

      1f1c4abfa9ac5e07f392e5c57c282730210fc6adb5f3960e37fc8e2bbaa92d731086dade7d8bf4e33de7c8d4c1800b3a1a1dc4e5a6b461dd581bac0093c15b25

    • SSDEEP

      6144:xPn4VZXbatu7MDogsDkHS50LdfcGcbz1f5M9KTFrMpSlMK3Ru+Q28:xP4PbNMkgg3Ru+x

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks