Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d74ee28a91...18.exe

windows7-x64

10

d74ee28a91...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d74ee28a91d0e857427837c5bdbae83d_JaffaCakes118

  • Size

    667KB

  • Sample

    240910-abgqrayenh

  • MD5

    d74ee28a91d0e857427837c5bdbae83d

  • SHA1

    e8a485c603a0ef3badbe183e9f7640cd8eaed20f

  • SHA256

    7e49f4889e0d8b5c6c8add44631b7f0f0d820612497e2adec2b9197e985d1cba

  • SHA512

    d488931ed08d7eddff9fb72898b92e9117f60a2ba99a3deefa53d1d28b325c4e6b8b9f41512cc74196083a3df46d9955a4fdca4b26d3b7b74b9ecd8e6d47ccfc

  • SSDEEP

    12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCFbnG:76J6/tniVNoDgQVN6mCip9FbG

Score
10/10
emotetepoch1bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80
rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

    • Target

      d74ee28a91d0e857427837c5bdbae83d_JaffaCakes118

    • Size

      667KB

    • MD5

      d74ee28a91d0e857427837c5bdbae83d

    • SHA1

      e8a485c603a0ef3badbe183e9f7640cd8eaed20f

    • SHA256

      7e49f4889e0d8b5c6c8add44631b7f0f0d820612497e2adec2b9197e985d1cba

    • SHA512

      d488931ed08d7eddff9fb72898b92e9117f60a2ba99a3deefa53d1d28b325c4e6b8b9f41512cc74196083a3df46d9955a4fdca4b26d3b7b74b9ecd8e6d47ccfc

    • SSDEEP

      12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCFbnG:76J6/tniVNoDgQVN6mCip9FbG

    Score
    10/10
    emotetepoch1bankerdiscoverytrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet payload

      Detects Emotet payload in memory.

      trojanbanker

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.