General

  • Target

    b0c6734f8ee36ccfd2d10158c45fb3420b9a1ca8f168e235178a8d76f1592973.zip

  • Size

    127KB

  • Sample

    240728-c94paatflm

  • MD5

    8f8dd477cb41c53622eec5b8c88d9ef0

  • SHA1

    1cd890f7d8418a3c1e5b2908b8f71e6300cd3523

  • SHA256

    08f9a948229cadd8562540887e3c33c13f6f5a2aa463a77cfdba89afe469a08a

  • SHA512

    d06375f6d5159008e0a9874e423576e30de280608a9676d7011db9f80aa8d8f4a823eabd72ffc22fcec1a337ef17d66dea48b0a4e44dcce4a632901cfde09862

  • SSDEEP

    3072:WEWZmt6/l/AAkCWEiR3VSNvm53XrAkqc5gtM:ym2AAkwiRlSN+VAkqWYM

  • Score

    10/10

Malware Config

Extracted

  • Family

    cobaltstrike

  • Botnet

    305419896

  • C2

    http://137.184.16.26:8080/fwlink

Attributes

  • access_type

    512

  • host

    137.184.16.26,/fwlink

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    8080

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtCn5iCi+YLOzSHzWWGn0CAC/24ExcoUg5jIv7S+rccrM37+W3/gIZ+1T5oX1w/T0g48YrU+loE6CwdwRc1LfvnnQ0UKhbqNJbtlUAwAvNzQBZTVTQ2iSCmCfLtaZCSOCCFlwCTduzHhF6aaSYk9MAbos7dPjIpXe5atK5+K8EzwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)

  • watermark

    305419896

Targets

    • Target

      b0c6734f8ee36ccfd2d10158c45fb3420b9a1ca8f168e235178a8d76f1592973

    • Size

      256KB

    • MD5

      08c833043995400d29a3d7b127ac4ef7

    • SHA1

      3f04755a421066714fba12c410991c5c111b067e

    • SHA256

      b0c6734f8ee36ccfd2d10158c45fb3420b9a1ca8f168e235178a8d76f1592973

    • SHA512

      3e626f0706c6e30525a3661cfce043222ef3e475815478b3ae688f09f581a61097c72f3735937fa08dac037647cdf6e409374701880f3c387e54e79795cef0d8

    • SSDEEP

      3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/M494YJGaXMjKHnaH:TJwpYVNcn3pTdNe+WXVi74u1H

    • Score

      1/10
