Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
-
Size
2.1MB
-
Sample
231115-zgp2rafb6s
-
MD5
859bf6f860060b850a4f290072380211
-
SHA1
3783a5ba2c65512c6e6c20e1c1a9d6dade1f2257
-
SHA256
8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
-
SHA512
d6d4b89296366c95096dd577d421853d08e801cc2f026ffa7f8f296ce421f9f84b777f3dfa5be877cbefabb3f64324375bbdcee86ec6149ef7834d56cb19cb5e
-
SSDEEP
24576:Vhjm8fc/ZEomkDoldCM3xvmiFfR00k/7PkFKbyrf6:r90u7HFfR0f7ja6
Malware Config
Extracted
cobaltstrike
12345
http://geocitesbbc.com:443/callable
-
access_type
512
-
beacon_type
2048
-
host
geocitesbbc.com,/callable
-
http_header1
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAABwAAAAAAAAAPAAAAAwAAAAIAAAAHTFhHVUlEPQAAAAYAAAAGQ29va2llAAAACQAAAA9pbnRlcnJ1cHQ9ZmFsc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAABVIb3N0OiBnZW9jaXRlc2JiYy5jb20AAAAKAAAAEUNvbm5lY3Rpb246IGNsb3NlAAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41AAAACgAAABhDb250ZW50LVR5cGU6IHRleHQvcGxhaW4AAAAHAAAAAQAAAA8AAAADAAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
9984
-
polling_time
42
-
port_number
443
-
sc_process32
%windir%\syswow64\w32tm.exe
-
sc_process64
%windir%\sysnative\w32tm.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLM4J9O0m8TuhWhBdQoftl0i+1WQjhrUo8jlgb4wxjeOVKkNflC1MTu6xKTC/wBhEb0MBMChes1WKMTP1oCIqkmdBUvFpyzW8IRUXQkJ+1Bb4ynGMUd4Js14t35sbJNxhp5lRGsd0jpsQgBqby6GpXot0wRvYxp6p3oLNDY/uPywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.025605888e+09
-
unknown2
AAAABAAAAAIAAAJYAAAAAwAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/switch
-
user_agent
Mozilla/5.0 (Linux; Android 11; CPH2127) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
-
watermark
12345
Targets
-
-
Target
8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
-
Size
2.1MB
-
MD5
859bf6f860060b850a4f290072380211
-
SHA1
3783a5ba2c65512c6e6c20e1c1a9d6dade1f2257
-
SHA256
8d6a398f97d734412de03340bbb8237d00c519479649af8933afb8fb4fa2f695
-
SHA512
d6d4b89296366c95096dd577d421853d08e801cc2f026ffa7f8f296ce421f9f84b777f3dfa5be877cbefabb3f64324375bbdcee86ec6149ef7834d56cb19cb5e
-
SSDEEP
24576:Vhjm8fc/ZEomkDoldCM3xvmiFfR00k/7PkFKbyrf6:r90u7HFfR0f7ja6
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-