General

  • Target

    a834e5719f48a4395e41112499245dd821007f623614de089947bbfdc7254734

  • Size

    3.6MB

  • Sample

    231117-mry17agg84

  • MD5

    ce7d60debc5ac0cc90aef9ebf8b8cc01

  • SHA1

    7bea480bd536850bd49e26865c907cf867b9e9d0

  • SHA256

    a834e5719f48a4395e41112499245dd821007f623614de089947bbfdc7254734

  • SHA512

    a22cc0d52c657edba11608adf31d1b722aee0bcdab7ecacd47dc62a53045dc37a276fe1c83dbb456d44d3614d93a9775037afc816e4846cc967ae0490c27aedb

  • SSDEEP

    49152:N5VY3ApdEjL7Jci2w/9MUvGsan4C3MAt6v+jnCVQ3kOsAWKD12u:3V16jLbAU

Malware Config

Extracted

Family

cobaltstrike

C2

http://59.42.194.18:1941/UJwG

Attributes

  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

Targets

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks