General

  • Target

    612b6c61997cf656470d43a301bb907c67b60f5af5d0aff85cd6002020145d99

  • Size

    1.8MB

  • Sample

    240611-2enr1svalb

  • MD5

    6e0d556f493b172ce9e8d26913b2e494

  • SHA1

    80db12bd38202e842314f57d839201d00a46f9e1

  • SHA256

    612b6c61997cf656470d43a301bb907c67b60f5af5d0aff85cd6002020145d99

  • SHA512

    b38b696377206c9147dd9d316b710c918f40d9fff0be39a16ece1f66494393c09eff7b29f4b321d1832e7f07f8fbf6279ef46fa13931ee55b857efd28917c96c

  • SSDEEP

    24576:RXi9jPyc7sSFVg/dpeNw4mfFDfYobU6gu2g2DIRgDh2c/He0z1:RXi9jbfFVdDWgF2YHe0z1

Malware Config

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://www.instagam.club:443/__utm.gif

Attributes

  • access_type

    512

  • beacon_type

    2048

  • host

    www.instagam.club,/__utm.gif

  • http_header1

    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

  • http_header2

    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

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    1280

  • polling_time

    3000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJJA0VN5NSfAiFoL4tKOMIkUnnVJPRgFDWhLsjVeErvhm5yRxM9LPk3FYP/IDhGQ8hhc+A1hzZpF9WCrQNXD0zKjnb45u/wA6owEQNiietXhU1R5fnB/zWoqA1roJ6LkPPp7CR68flEn3dzINiIpt0B9ustr6ZM/1V5y6QKLOYbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    6.71092736e+08

  • unknown2

    AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /___utm.gif

  • user_agent

    Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)

  • watermark

    426352781

Targets

    • Target

      612b6c61997cf656470d43a301bb907c67b60f5af5d0aff85cd6002020145d99

    • Size

      1.8MB

    • MD5

      6e0d556f493b172ce9e8d26913b2e494

    • SHA1

      80db12bd38202e842314f57d839201d00a46f9e1

    • SHA256

      612b6c61997cf656470d43a301bb907c67b60f5af5d0aff85cd6002020145d99

    • SHA512

      b38b696377206c9147dd9d316b710c918f40d9fff0be39a16ece1f66494393c09eff7b29f4b321d1832e7f07f8fbf6279ef46fa13931ee55b857efd28917c96c

    • SSDEEP

      24576:RXi9jPyc7sSFVg/dpeNw4mfFDfYobU6gu2g2DIRgDh2c/He0z1:RXi9jbfFVdDWgF2YHe0z1