General
Target: extractor.exe
Size: 6.8MB
Sample: 230818-c7vzcsge3v
MD5: 96e6770b7fb1b91fbbf7da53fe80c0d8
SHA1: 51424b25cb1151242755ab4f28484093aba3baf9
SHA256: 9d0302af3cd6fb88ccc2cf022a6abe0ecb502f1a7d8226ecea45731cd09c7cef
SHA512: 504a7bb19403d027634ad6f8ca5cd895b6a0f758b716acc710522466d2a044b1522002d7381875fb8a5b97d36df8f36795117282ced9808132399f8b8211a90e
SSDEEP: 98304:w3Jzct4drEm7pn9f3ez9A/PUvYQgQK90fejU1:IJ84d4mdVue3pQKah
Static task: static1
Behavioral task: behavioral1
  Sample: extractor.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: extractor.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: cobaltstrike
1580103824
http://60.204.140.244:2333/activity
access_type: 512
beacon_type: 2048
host: 60.204.140.244,/activity
http_header1: AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2: AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: POST
polling_time: 60000
port_number: 2333
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQzeS7XpUi+1Lg6sZxI9EpB5Dof9htZC5f6J0XJ2Ooshhw9JP6Cbwk62FvCwdZ/lJosbGvz+ZndymEYjdbagsaFzwi13r+U8XWRDswOy2SajPfQe8oqB/Wyq8/iZSkD8HqbyTTNctvHPx3RI+nyrN8MCC80ejHHNbZG1rOSrzKcQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /submit.php
user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
watermark: 1580103824
Extracted: cobaltstrike
0
watermark: 0
Targets
Target: extractor.exe
Size: 6.8MB
MD5: 96e6770b7fb1b91fbbf7da53fe80c0d8
SHA1: 51424b25cb1151242755ab4f28484093aba3baf9
SHA256: 9d0302af3cd6fb88ccc2cf022a6abe0ecb502f1a7d8226ecea45731cd09c7cef
SHA512: 504a7bb19403d027634ad6f8ca5cd895b6a0f758b716acc710522466d2a044b1522002d7381875fb8a5b97d36df8f36795117282ced9808132399f8b8211a90e
SSDEEP: 98304:w3Jzct4drEm7pn9f3ez9A/PUvYQgQK90fejU1:IJ84d4mdVue3pQKah
Score: 10/10
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application