Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

bf96e07bcd...18.dll

windows7-x64

10

bf96e07bcd...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf96e07bcdc429818a656b2b1cd67776_JaffaCakes118

  • Size

    340KB

  • Sample

    240824-2tf1qatgnb

  • MD5

    bf96e07bcdc429818a656b2b1cd67776

  • SHA1

    806faa49337feb5abe409d7226d225a9cc166f63

  • SHA256

    12d6e53f4e53e3d6f7f515bf42f0c675ddce2e8d241f3ed0be87b297bd6ed717

  • SHA512

    3cfd787806e67540bf38a29ca1d88ada025fef4addd3eb436efab1486c8929f7880711c040feb18d63cc2421321df62aa5ad740a324fc8fb89507fdc6a043064

  • SSDEEP

    3072:ivA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:i206xWgGxLxWN40PDKR/JnX2P

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

69.38.130.14:80

195.159.28.230:8080

162.241.204.233:8080

115.21.224.117:80

78.189.148.42:80

181.165.68.127:80

78.188.225.105:80

161.0.153.60:80

89.106.251.163:80

172.125.40.123:80

5.39.91.110:7080

110.145.11.73:80

190.251.200.206:80

144.217.7.207:7080

75.109.111.18:80

75.177.207.146:80

139.59.60.244:8080

70.183.211.3:80

95.213.236.64:8080

61.19.246.238:443
rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

    • Target

      bf96e07bcdc429818a656b2b1cd67776_JaffaCakes118

    • Size

      340KB

    • MD5

      bf96e07bcdc429818a656b2b1cd67776

    • SHA1

      806faa49337feb5abe409d7226d225a9cc166f63

    • SHA256

      12d6e53f4e53e3d6f7f515bf42f0c675ddce2e8d241f3ed0be87b297bd6ed717

    • SHA512

      3cfd787806e67540bf38a29ca1d88ada025fef4addd3eb436efab1486c8929f7880711c040feb18d63cc2421321df62aa5ad740a324fc8fb89507fdc6a043064

    • SSDEEP

      3072:ivA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:i206xWgGxLxWN40PDKR/JnX2P

    Score
    10/10
    emotetepoch2bankerdiscoverytrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.