General
Target: 1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41
Size: 218KB
Sample: 240616-rqwlwswgkd
MD5: 12f569ef433933aa962930face9d86d5
SHA1: 121a28c2b987756916acb5b2ff3bcf1f678e9156
SHA256: 1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41
SHA512: 4e4cff47d92cdb7a17eb77dedad7a664fba125866a723ba7739161d093565e3ad2a32221e7ee0fea838cbb03bb868c5e9694c613583a5c7018c8b8554a7aaf52
SSDEEP: 3072:4fyTFpiSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdUh5zoBS:4flD4ktiD8UI8I66C+6AsXnifujR
Behavioral task: behavioral1
Sample: 1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41.dll
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41.dll
Resource: win10v2004-20240611-en
Malware Config
Extracted: cobaltstrike
Watermark: 674054486
URL: http://64.7.199.88:10443/dot.gif
access_type: 512
beacon_type: 2048
host: 64.7.199.88,/dot.gif
http_method1: GET
http_method2: POST
polling_time: 60000
port_number: 10443
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
unknown1: 4096
uri: /submit.php
user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
watermark: 674054486
Targets
Target: 1c83f6400322233a1b04ba2ac7c5cd1b0b2c694425dcef6a67337071a885ff41
Score: 3/10