Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b17d23ea9c0f3e5c97867599a903fbff.bin
-
Size
121KB
-
Sample
230717-b94hvaae5z
-
MD5
caeb1fb7660fbaa4919d9b2ac299118b
-
SHA1
5482d7d891ce0e36a3383ef08133f5c5cb73e4da
-
SHA256
5709767906d949769cf26e6ddd9e60ce0f75c4887796d80d8d02f790fea5d728
-
SHA512
28e7039876c9246ba8fbc214fea29d4809ea1723c3844dd124a3eed129a428f0725eeef592582df8e03e0ac018e0c98aabf42c6f07ebb9e63de621f429b20e4c
-
SSDEEP
3072:szzXGFjYP0vuJRr8g+6zvHt3k1jg8FkzNP8hYYGAB:GaVI0WYv6DHOjg8FuNP87G6
Malware Config
Extracted
cobaltstrike
666666
http://service-4yorw5on-1310046338.bj.apigw.tencentcs.com:443/s
-
access_type
512
-
beacon_type
2048
-
host
service-4yorw5on-1310046338.bj.apigw.tencentcs.com,/s
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAA8QkFJRFVJRD04OUJDOTQ3M0U2MDNEODtCSURVUFNJRD04OUJDOTRFMjJERDAxOTtyc3Zfam1wX3Nsb3c9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAA8QkFJRFVJRD04OUJDOTQ3M0U2MDNEODtCSURVUFNJRD04OUJDOTRFMjJERDAxOTtyc3Zfam1wX3Nsb3c9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
50000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDASkBNxG937VYrqwDEI9Euaiu9pUK1HLNs3B4Qa3+oKUB98PXvBfNj0L15dIarQ4YidB59FjJU9/PJF/BX9iC0FR7bsusvJW0UBMC/ly6mLUCinPlgsL8eKdPvkgY/zCizjCeHe3WCneCs0HgJ2P41eOK48eTgWvM8IABrDQP+uwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.868436736e+09
-
unknown2
AAAABAAAAAEAAAXVAAAAAgAAA0IAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/S
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
-
watermark
666666
Targets
-
-
Target
6b3be5de40b3f2d063389b53e5fc63950ee2b9aad46d5ecc1e23c546746952b3.exe
-
Size
233KB
-
MD5
b17d23ea9c0f3e5c97867599a903fbff
-
SHA1
52ece5b5aa391c863e93ae4553aa4863260c5d92
-
SHA256
6b3be5de40b3f2d063389b53e5fc63950ee2b9aad46d5ecc1e23c546746952b3
-
SHA512
fd41640d0d7a64fe6f5fd2ae466b97dfa66f8c191f9625c862730eddc78fa76653a656cd372fb1a1bb21b84223a5046448887501496523c7d2a98271e2e90b3b
-
SSDEEP
3072:bFzIvEdt1bmmkKKgTVVVDEunfs9ivZ+J97NCqZu0/N1ipwz9xKu:Rzrf1bkgN5sbR8AN1Jpwu
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-