Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    174735242aea0aac434f772400ccc5d8.exe

  • Size

    1.3MB

  • Sample

    230523-s8e8asgh2x

  • MD5

    174735242aea0aac434f772400ccc5d8

  • SHA1

    b7cc2f3f5d09d917805e4f1dd49303d930d59c50

  • SHA256

    0d214808a672a6096734ee1bf66596f7a025e2dd7b9b51dba084d15782de8b4b

  • SHA512

    26045a85250d58ee49adf7f2f668a217529891a64f57137b73c208d3729304a66451ad631451c847ed12491de50c4c5e01510fda4bf988380a889b190b38b251

  • SSDEEP

    24576:FxYAMR/6tF5ng+ON888dvF4HfiMI604E:FxYAMh2g+O5y4/2t

Malware Config

Extracted

Family

cobaltstrike

C2

http://18.167.109.204:8657/J9ko

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://18.167.109.204:8657/updates.rss

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    18.167.109.204,/updates.rss

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    8657

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCCOJ/a3GW+0kIXwieoo44EuixLefu/ILjQubDCJ61Ffm3OozYqi6/r4MmbgQREj5BYvd2g4w8CHDL2kBvhJ6MR+l/P+cgw9lpjMrac4vZiQdKF2ivDy2imWo206pOORhv6mx3lhj5mQ4xImqv6gs9IdN6IxM2WFyukSWnAZLtNSwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)

  • watermark

    391144938

Targets

    • Target

      174735242aea0aac434f772400ccc5d8.exe

    • Size

      1.3MB

    • MD5

      174735242aea0aac434f772400ccc5d8

    • SHA1

      b7cc2f3f5d09d917805e4f1dd49303d930d59c50

    • SHA256

      0d214808a672a6096734ee1bf66596f7a025e2dd7b9b51dba084d15782de8b4b

    • SHA512

      26045a85250d58ee49adf7f2f668a217529891a64f57137b73c208d3729304a66451ad631451c847ed12491de50c4c5e01510fda4bf988380a889b190b38b251

    • SSDEEP

      24576:FxYAMR/6tF5ng+ON888dvF4HfiMI604E:FxYAMh2g+O5y4/2t

MITRE ATT&CK Matrix

Tasks