General
-
Target
2.rar
-
Size
11.2MB
-
Sample
230704-n6yjmscd27
-
MD5
5b40894173e326769717d6e674e1f3a9
-
SHA1
138a39de0b3b508a730c65ac5179313d0e04cdb4
-
SHA256
5f32e0dc9f61a1e42358a767b7a83c022beea760322b15d16c8c0c613294a5e8
-
SHA512
502f4cdd81267148548d1813c919140b9b2ff8d27a3ccf32eba6f1f98b1346ba43ffe6007659ec11416bb7bbdccf13f4ce912b6e4b1c28fd29e5402b5ee7c9ce
-
SSDEEP
196608:H5elX09U2eAt7TFaMIMQRqRHZIRotwO+YXBmCAhv917UJ7pp:H5eSJeY7ZapMWqRHZIRup7X5w9+JNp
Behavioral task
behavioral1
Sample
2/02f55bf8.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
2/02f55bf8.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
2/4afbc363.exe
Resource
win7-20230703-en
Behavioral task
behavioral4
Sample
2/4afbc363.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
cobaltstrike
http://1.117.176.254:443/bootstrap-2.min.js
-
user_agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Host: 360.com
Extracted
cobaltstrike
100000
http://1.117.176.254:443/pixel.gif
-
access_type
512
-
beacon_type
2048
-
host
1.117.176.254,/pixel.gif
-
http_header1
-
http_header2
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
3000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQOS1tdAHzcNgyjUTH+CrnnE2PDel3qW6WADi7pZZQ68UGwCRh15Sgxaz4agqp55YEbz0yo5I/6k75mr+EsHZOKM5UiQQepX0MARLEMkMCMRg0Kow4GR0t8bPQhc2EOTO1eI9oth6jy4caAiPC3kGIYsjNXv3ELHzvE25gljx71wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Login.php
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
-
watermark
100000
Targets
-
-
Target
2/02f55bf8.exe
-
Size
1.1MB
-
MD5
ea59ba7e6e3f6c5cf59094fa855c256f
-
SHA1
597e8e5a857982d03e82498a20d51fd03f1a230c
-
SHA256
a5380558b5d0ead794ac3970b904c8412aaa417ffa426f18c3dc62b42e991711
-
SHA512
eceaa9e718beb52571b67cc3787e2d0dd3612ad7ec02a2309889a91cc73a5cadefc0a53eb859072cfe6e8caee23bc9dd47717048d9b868b0a7aa38fc89ce6eac
-
SSDEEP
24576:zc7ZTgQZu3K6TCGCBn1QL5wKCCrqPRdaMiexHVTMv:o7dgQZu6cN0I5wVC+PLTx1Y
Score 1/10
-
-
Target
2/4afbc363.exe
-
Size
10.9MB
-
MD5
7a94e3afa9b82ddc73184ee0349fc022
-
SHA1
47cf0b7e2848f74b71478cbb80dd2eb338fd3181
-
SHA256
15ef1811e340b32689a63154839dc7585f4fdc4acc7a2433a57c3f3b3c0763ff
-
SHA512
f591e2ad88b3646007182b135764da0a7de2045ed139094c3ebf8e4e353e319d608e9bc36bcdc1dd6b291ec717f50eae4e9efa10829d49b49ba0db3a18c7b3ac
-
SSDEEP
196608:yaLaAXcHL2Vmd6+DTrLZy7YM30Lzajk/1q3+dgSXpAmA0W8/LaVr0KVQT:ZxcHL2Vmd6mT0Gzajaq3+d9XSmHW8g0N
Score 10/10
Loads dropped DLL
-