General

  • Target

    2.rar

  • Size

    11.2MB

  • Sample

    230704-n6yjmscd27

  • MD5

    5b40894173e326769717d6e674e1f3a9

  • SHA1

    138a39de0b3b508a730c65ac5179313d0e04cdb4

  • SHA256

    5f32e0dc9f61a1e42358a767b7a83c022beea760322b15d16c8c0c613294a5e8

  • SHA512

    502f4cdd81267148548d1813c919140b9b2ff8d27a3ccf32eba6f1f98b1346ba43ffe6007659ec11416bb7bbdccf13f4ce912b6e4b1c28fd29e5402b5ee7c9ce

  • SSDEEP

    196608:H5elX09U2eAt7TFaMIMQRqRHZIRotwO+YXBmCAhv917UJ7pp:H5eSJeY7ZapMWqRHZIRup7X5w9+JNp

Malware Config

Extracted

Family

cobaltstrike

C2

http://1.117.176.254:443/bootstrap-2.min.js

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Host: 360.com

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://1.117.176.254:443/pixel.gif

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    1.117.176.254,/pixel.gif

  • http_header1


  • http_header2


  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    3000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQOS1tdAHzcNgyjUTH+CrnnE2PDel3qW6WADi7pZZQ68UGwCRh15Sgxaz4agqp55YEbz0yo5I/6k75mr+EsHZOKM5UiQQepX0MARLEMkMCMRg0Kow4GR0t8bPQhc2EOTO1eI9oth6jy4caAiPC3kGIYsjNXv3ELHzvE25gljx71wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /Login.php

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

  • watermark

    100000

Targets

    • Target

      2/02f55bf8.exe

    • Size

      1.1MB

    • MD5

      ea59ba7e6e3f6c5cf59094fa855c256f

    • SHA1

      597e8e5a857982d03e82498a20d51fd03f1a230c

    • SHA256

      a5380558b5d0ead794ac3970b904c8412aaa417ffa426f18c3dc62b42e991711

    • SHA512

      eceaa9e718beb52571b67cc3787e2d0dd3612ad7ec02a2309889a91cc73a5cadefc0a53eb859072cfe6e8caee23bc9dd47717048d9b868b0a7aa38fc89ce6eac

    • SSDEEP

      24576:zc7ZTgQZu3K6TCGCBn1QL5wKCCrqPRdaMiexHVTMv:o7dgQZu6cN0I5wVC+PLTx1Y

    • Score

      1/10

    • Target

      2/4afbc363.exe

    • Size

      10.9MB

    • MD5

      7a94e3afa9b82ddc73184ee0349fc022

    • SHA1

      47cf0b7e2848f74b71478cbb80dd2eb338fd3181

    • SHA256

      15ef1811e340b32689a63154839dc7585f4fdc4acc7a2433a57c3f3b3c0763ff

    • SHA512

      f591e2ad88b3646007182b135764da0a7de2045ed139094c3ebf8e4e353e319d608e9bc36bcdc1dd6b291ec717f50eae4e9efa10829d49b49ba0db3a18c7b3ac

    • SSDEEP

      196608:yaLaAXcHL2Vmd6+DTrLZy7YM30Lzajk/1q3+dgSXpAmA0W8/LaVr0KVQT:ZxcHL2Vmd6mT0Gzajaq3+d9XSmHW8g0N

MITRE ATT&CK Matrix

Tasks