Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

aab3eb9f21...18.exe

windows7-x64

10

aab3eb9f21...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aab3eb9f21a65756920f8c2225048c56_JaffaCakes118

  • Size

    212KB

  • Sample

    240819-mwfemszcqg

  • MD5

    aab3eb9f21a65756920f8c2225048c56

  • SHA1

    00b979930ce451419e2a0583b42576463e0df65f

  • SHA256

    aead42ddfdaf387ce5dca9a5f4cb559fda721954e2f796e7e6cd981b6e06144a

  • SHA512

    68e4f6dbfdd752736aa28dd70efab1d5609c63e142b0094fe26795b50ac656b9c4eed9096c38850260663a9fb9860454c2d64646377633b4ee980cb4e593c9ce

  • SSDEEP

    3072:oKdoleKfKf1S7KI9wzET3ksCc88z9ltq/SGhJisRT8lusvwdoym:oKdlKfKs7KI9wolCcbXGms+FvY

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

38.18.235.242:80

5.196.108.189:8080

121.124.124.40:7080

104.236.246.93:8080

113.61.66.94:80

120.150.60.189:80

91.211.88.52:7080

47.144.21.12:443

108.46.29.236:80

139.162.108.71:8080

134.209.36.254:8080

139.59.60.244:8080

66.65.136.14:80

76.175.162.101:80

174.106.122.139:80

95.213.236.64:8080

174.45.13.118:80

50.35.17.13:80

209.141.54.221:8080

87.106.139.101:8080
rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

    • Target

      aab3eb9f21a65756920f8c2225048c56_JaffaCakes118

    • Size

      212KB

    • MD5

      aab3eb9f21a65756920f8c2225048c56

    • SHA1

      00b979930ce451419e2a0583b42576463e0df65f

    • SHA256

      aead42ddfdaf387ce5dca9a5f4cb559fda721954e2f796e7e6cd981b6e06144a

    • SHA512

      68e4f6dbfdd752736aa28dd70efab1d5609c63e142b0094fe26795b50ac656b9c4eed9096c38850260663a9fb9860454c2d64646377633b4ee980cb4e593c9ce

    • SSDEEP

      3072:oKdoleKfKf1S7KI9wzET3ksCc88z9ltq/SGhJisRT8lusvwdoym:oKdlKfKs7KI9wolCcbXGms+FvY

    Score
    10/10
    emotetepoch2bankerdiscoverytrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet payload

      Detects Emotet payload in memory.

      trojanbanker
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.