Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1653cf01f7...e8.exe

windows7-x64

7

1653cf01f7...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1653cf01f7d1c267b4ec6db384dcc81cb886847a09b4811df78e07ab1795cbe8

  • Size

    13.3MB

  • Sample

    230828-rgh97see6x

  • MD5

    9c351eadb8cb394bb802a16c465284df

  • SHA1

    b1a7a7ec35574cac4aea39be9380fbd98a2e0fb4

  • SHA256

    1653cf01f7d1c267b4ec6db384dcc81cb886847a09b4811df78e07ab1795cbe8

  • SHA512

    28c5b3aafe54250c8ee3ed72fd710ab1b955ede6803565bfcf0a95ae7770de52876d780e86e40be53d2b1b9d2f28ac7a24aa8305b4698a83a806a23d41608ff2

  • SSDEEP

    393216:zu7L/m/m3pMUAL2Vmd6mKMBkQJ4BSZ4aBGMki0M:zCLuKDAyVmdUkb4E+Mki0M

Score
10/10
cobaltstrike391144938backdoorpyinstallertrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://123.249.40.202:83/fEmE

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Extracted

Family

cobaltstrike

Botnet

391144938

C2

http://123.249.40.202:83/load

Attributes
  • access_type

    512

  • host

    123.249.40.202,/load

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    60000

  • port_number

    83

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCM6VoZxXhwL5r0suP+sfUQ2li+PzR2/aZ7yI7l0o+UM4qAcoo5IDVn5J1we7nObfo5zOTwx+Qkr133DRXTlzjWLF0rp3zXRWOd2yrrGUwv6JNpx+BnuUjFPkZxEsA4DQg7LBnrRCfCLoTYFYSsqw2ihFPJwEdOxvh7ELKuJYoUXwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)

  • watermark

    391144938

Targets

    • Target

      1653cf01f7d1c267b4ec6db384dcc81cb886847a09b4811df78e07ab1795cbe8

    • Size

      13.3MB

    • MD5

      9c351eadb8cb394bb802a16c465284df

    • SHA1

      b1a7a7ec35574cac4aea39be9380fbd98a2e0fb4

    • SHA256

      1653cf01f7d1c267b4ec6db384dcc81cb886847a09b4811df78e07ab1795cbe8

    • SHA512

      28c5b3aafe54250c8ee3ed72fd710ab1b955ede6803565bfcf0a95ae7770de52876d780e86e40be53d2b1b9d2f28ac7a24aa8305b4698a83a806a23d41608ff2

    • SSDEEP

      393216:zu7L/m/m3pMUAL2Vmd6mKMBkQJ4BSZ4aBGMki0M:zCLuKDAyVmdUkb4E+Mki0M

    Score
    10/10
    cobaltstrike391144938backdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks