Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

c79f7d7838...c4.exe

windows7-x64

10

c79f7d7838...c4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4

  • Size

    1.7MB

  • Sample

    230828-sv18lsfc2w

  • MD5

    7669fc10c0933e4d83317787f80af71d

  • SHA1

    04961cda745d1078c71242ae7fcbc66b90c9f260

  • SHA256

    c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4

  • SHA512

    bad0de792537b27e6b6c752e38334e5844bc743778dab8c224dd19858e54c5d0f638bd01f4248d69f4600b94da328d889e474866659f925fa8b0cce4a7c4ced4

  • SSDEEP

    49152:AgVSr/4oJB3wd8rb/TLvO90d7HjmAFd4A64nsfJpfC08SgYMxoafb1:KrD3wd

Score
10/10
cobaltstrike100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://13.51.150.99:10011/ioAD

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://13.51.150.99:10011/search/

Attributes
  • access_type

    512

  • host

    13.51.150.99,/search/

  • http_header1

    AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAAAAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAkAAAAJZm9ybT1RQlJFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAABJIb3N0OiB3d3cuYmluZy5jb20AAAAKAAAAR0FjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44AAAACgAAADhDb29raWU6IERVUD1RPUdwTzFuSnBNbmFtNFVsbEVmbWVNZGcyJlQ9MjgzNzY3MDg4JkE9MSZJRwAAAAcAAAABAAAADQAAAAUAAAABcQAAAAkAAAAJZ289U2VhcmNoAAAACQAAAAVxcz1icwAAAAcAAAAAAAAADQAAAAUAAAAEZm9ybQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    GET

  • jitter

    5120

  • polling_time

    60000

  • port_number

    10011

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDohWpPN9dK5Iaq3j5MARwhwXxMD+LZJY92SEg755tH3cbGJDwjAjae+Cq14PUO5w33EpPbdmLoEfwZmXv2Zz/AYj0O8mNmRw35sEPhPXGKj1Snqz4qS1EVBYgJOSMLEUCg7LBwHQtvsGnoZjszjkVqf9Hi9INcnBF8qLyh4JrKQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    3.82554112e+09

  • unknown2

    AAAABAAAAAEAAANBAAAAAgAAAqMAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown3

    1.610612736e+09

  • uri

    /Search/

  • user_agent

    Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

  • watermark

    100000

Targets

    • Target

      c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4

    • Size

      1.7MB

    • MD5

      7669fc10c0933e4d83317787f80af71d

    • SHA1

      04961cda745d1078c71242ae7fcbc66b90c9f260

    • SHA256

      c79f7d78389495662b189565b6b319e3360639ae6e58f97e64da571f154104c4

    • SHA512

      bad0de792537b27e6b6c752e38334e5844bc743778dab8c224dd19858e54c5d0f638bd01f4248d69f4600b94da328d889e474866659f925fa8b0cce4a7c4ced4

    • SSDEEP

      49152:AgVSr/4oJB3wd8rb/TLvO90d7HjmAFd4A64nsfJpfC08SgYMxoafb1:KrD3wd

    Score
    10/10
    cobaltstrike100000backdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.