General

  • Target

    5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0

  • Size

    327KB

  • Sample

    231105-gcjeasdc56

  • MD5

    81326cc4a4e14796d22e0072f117726b

  • SHA1

    18bd2cbcab0fa332b6097eb16efb4983dd3c4322

  • SHA256

    5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0

  • SHA512

    57b70e840ec819aa9813db7878d04c36766ad2fbe078ea6d7317d548838c4b8333f9585e04382d3bbe9e2fbd82d158dffd4ce189a26a9f09ace0962d906f1bb7

  • SSDEEP

    6144:jiubWrNSOetO6cprlQAOWizGLIoSdQX+tJs0/U:uubsNSOetfARQAPyGU2X+tZ/U

Malware Config

Extracted

Family

cobaltstrike

C2

http://111.229.75.4:80/CcnI

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
