General
- Target: 2024-05-24_0a81050f2c9942038b27236bd1b8becf_cobalt-strike_cobaltstrike
- Size: 349KB
- Sample: 240524-ezkjrsda73
- MD5: 0a81050f2c9942038b27236bd1b8becf
- SHA1: 28add56e2ec688ef76f9508bce01d09bca5a6bbe
- SHA256: 0f03b9c1b7b35f22c6f0fe2a6418e58306fdfc16214756dc052db2d3a2f1b1df
- SHA512: 7073ff1c18ddf4c9b535c71c1f16d6c5751de11c09e1d43df839207fe0f7d1695fbdb5d4df7f165e670033dbfcc80dee537c62b3fa772b4e31b0c76b0e3ef1f7
- SSDEEP: 6144:6FQTuDshCaqGc0bPzIpt8ahTw8PHA8itQgRQvOuE:6FUj18L8aS2E/RQv
Behavioral task: behavioral1
- Sample: 2024-05-24_0a81050f2c9942038b27236bd1b8becf_cobalt-strike_cobaltstrike.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 2024-05-24_0a81050f2c9942038b27236bd1b8becf_cobalt-strike_cobaltstrike.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: cobaltstrike (watermark 520)
- access_type: 512
- beacon_type: 2048
- host:
183.136.216.35,/auth/data,14.29.98.35,/auth/data,121.32.228.35,/auth/data,119.96.52.35,/auth/data,111.177.3.35,/auth/data,114.80.30.35,/auth/data,119.100.50.35,/auth/data,183.56.138.35,/auth/data,113.113.73.35,/auth/data,220.194.65.35,/auth/data
- http_header1:
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
- http_header2:
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
- http_method1: GET
- http_method2: POST
- jitter: 5120
- polling_time: 10000
- port_number: 443
- sc_process32: %windir%\syswow64\rundll32.exe
- sc_process64: %windir%\sysnative\rundll32.exe
- state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPA6CRY/EJOhNXBEiMFIPmA262UwP+bK4hNeLwuLfxfhP14bUalQ6LZlrsy8yG/+Sg8864x7PyCcB2sqgELFQ2E3DfEyeclXj26sBNdCEjpFOuZzu3o0gFJ46a8kW32NoYE4xq8ooPSZo1EHmMqAnV8i7WvljqjqeYIp5HgyPFkQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- unknown1: 1.481970944e+09
- unknown2:
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- uri: /auth-server/token
- user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/539.35 (KHTML, like Gecko) Chrome/75.0.379.172 Safari/539.35
- watermark: 520
Targets
- Target: 2024-05-24_0a81050f2c9942038b27236bd1b8becf_cobalt-strike_cobaltstrike
- Size: 349KB
- Score: 10/10