General

  • Target

    Dgc_se.exe

  • Size

    1.5MB

  • Sample

    230831-3q37hsbe28

  • MD5

    36afdb6136aa3dda6484583cbbf674b7

  • SHA1

    0e2378dbfcf0921d1ce2690a9164f3170ca2cb47

  • SHA256

    c27da32c7d176766975f8e7aae3e011efe1522336527f48d8ee4bcd28ca1922c

  • SHA512

    dae854e7a6db812e93d733195fe03c863dac3f78d4fa44b09ce19a3fb907ad2f81eff627e3933d81ea1a2b0079393c79a91296c0696e675c3d298d8a10c3ec04

  • SSDEEP

    24576:DFrr+pkCzK7/SMD2mqs51jR1s7MnmTaCYDBUU1bw5ekx1x4/b77QXWsmCPW4mq:Dh+pkCzHtmqsPE7I40dwekx12H7I9P

Malware Config

Extracted

Family

cobaltstrike

C2

http://103.101.204.59:8888/caPI

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

Extracted

Family

cobaltstrike

Botnet

305419896

C2

http://103.101.204.59:8888/ptj

http://kong.riieco.eu.org:8888/pixel.gif

Attributes
  • access_type

    512

  • host

    103.101.204.59,/ptj,kong.riieco.eu.org,/pixel.gif

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    8888

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnCZHWnYFqYB/6gJdkc4MPDTtBJ20nkEAd3tsY4tPKs8MV4yIjJb5CtlrbKHjzP1oD/1AQsj6EKlEMFIKtakLx5+VybrMYE+dDdkDteHmVX0AeFyw001FyQVlt1B+OSNPRscKI5sh1L/ZdwnrMy6S6nNbQ5N5hls6k2kgNO5nQ7QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)

  • watermark

    305419896

Extracted

Family

cobaltstrike

Botnet

0

Attributes
  • watermark

    0

Targets

    • Target

      Dgc_se.exe

    • Size

      1.5MB

    • MD5

      36afdb6136aa3dda6484583cbbf674b7

    • SHA1

      0e2378dbfcf0921d1ce2690a9164f3170ca2cb47

    • SHA256

      c27da32c7d176766975f8e7aae3e011efe1522336527f48d8ee4bcd28ca1922c

    • SHA512

      dae854e7a6db812e93d733195fe03c863dac3f78d4fa44b09ce19a3fb907ad2f81eff627e3933d81ea1a2b0079393c79a91296c0696e675c3d298d8a10c3ec04

    • SSDEEP

      24576:DFrr+pkCzK7/SMD2mqs51jR1s7MnmTaCYDBUU1bw5ekx1x4/b77QXWsmCPW4mq:Dh+pkCzHtmqsPE7I40dwekx12H7I9P

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
