Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
174735242aea0aac434f772400ccc5d8.exe
-
Size
1.3MB
-
Sample
230523-s8e8asgh2x
-
MD5
174735242aea0aac434f772400ccc5d8
-
SHA1
b7cc2f3f5d09d917805e4f1dd49303d930d59c50
-
SHA256
0d214808a672a6096734ee1bf66596f7a025e2dd7b9b51dba084d15782de8b4b
-
SHA512
26045a85250d58ee49adf7f2f668a217529891a64f57137b73c208d3729304a66451ad631451c847ed12491de50c4c5e01510fda4bf988380a889b190b38b251
-
SSDEEP
24576:FxYAMR/6tF5ng+ON888dvF4HfiMI604E:FxYAMh2g+O5y4/2t
Malware Config
Extracted
cobaltstrike
http://18.167.109.204:8657/J9ko
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)
Extracted
cobaltstrike
391144938
http://18.167.109.204:8657/updates.rss
-
access_type
512
-
beacon_type
2048
-
host
18.167.109.204,/updates.rss
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
8657
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCOJ/a3GW+0kIXwieoo44EuixLefu/ILjQubDCJ61Ffm3OozYqi6/r4MmbgQREj5BYvd2g4w8CHDL2kBvhJ6MR+l/P+cgw9lpjMrac4vZiQdKF2ivDy2imWo206pOORhv6mx3lhj5mQ4xImqv6gs9IdN6IxM2WFyukSWnAZLtNSwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
-
watermark
391144938
Targets
-
-
Target
174735242aea0aac434f772400ccc5d8.exe
-
Size
1.3MB
-
MD5
174735242aea0aac434f772400ccc5d8
-
SHA1
b7cc2f3f5d09d917805e4f1dd49303d930d59c50
-
SHA256
0d214808a672a6096734ee1bf66596f7a025e2dd7b9b51dba084d15782de8b4b
-
SHA512
26045a85250d58ee49adf7f2f668a217529891a64f57137b73c208d3729304a66451ad631451c847ed12491de50c4c5e01510fda4bf988380a889b190b38b251
-
SSDEEP
24576:FxYAMR/6tF5ng+ON888dvF4HfiMI604E:FxYAMh2g+O5y4/2t
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-