General

  • Target

    d3c97d4add44c3aeae919206a0e15e91c859b0f2014eefe8c85cf847fad2c132

  • Size

    1.5MB

  • Sample

    240915-nj1qgssbrk

  • MD5

    57aabddfc2bbcd80f9eb07dd30fd9834

  • SHA1

    4b58b33ae527cc9614dea46167d46b6f6ab43334

  • SHA256

    d3c97d4add44c3aeae919206a0e15e91c859b0f2014eefe8c85cf847fad2c132

  • SHA512

    e7e09b4664cd8dd35935f83c6bdf12d92620a172628b1f275f691283e19b391eebe636275d1d29101b0d8bca09db9aa8be6b0e07bdafb25af8c252458b0d7aa0

  • SSDEEP

    24576:RiHgLZUmj/tKNw5j0509GTY+UUcShhKJELdcW1:4Hsemj/tKNKj0C9GTE38a

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://43.156.44.66:20665/jquery-3.3.1.min.js

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    43.156.44.66,/jquery-3.3.1.min.js

  • http_header1

    AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    12800

  • polling_time

    1000

  • port_number

    20665

  • sc_process32

    %windir%\syswow64\WerFault.exe

  • sc_process64

    %windir%\sysnative\WerFault.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXR6dEL2D5D5PA0hFqADKMvQ60p56YoPVQbuEx+kAUCiYpCwNgOc+QWflJNwmd1P+Qqlpsnula1MPg8XFvV1MYBNyzWtyVSkd5+12DwvJ4yQ1itGOOJt/u/dVPodhTlTLl8G//5ibjH/LXduCfPZmQUmL5kApcSCnAe+C21IpP3QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4234810624

  • unknown2

    AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /jquery-3.3.2.min.js

  • user_agent

    Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

  • watermark

    100000
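
The http_header1, unknown2 and state_machine values above are opaque base64 blobs as the report renders them. The script below is an added example, not part of the tria.ge report, that decodes all three: http_header1 is Beacon's client-side HTTP GET transform program (4-byte big-endian opcodes, length-prefixed string arguments, terminated by opcode 0), unknown2 is the list of steps Beacon applies to a server response body before decrypting it, and state_machine is a DER-encoded SubjectPublicKeyInfo. The base64 strings are copied from the Attributes list with their trailing all-zero padding trimmed; the attribute names are tria.ge's labels. The opcode table follows the Malleable C2 profile keywords as used by public Beacon config parsers, and skipping the first dword of unknown2 as a non-opcode header is this example's reading of the sample, not something the report states.

```python
import base64
import struct

# Report values (http_header1, unknown2, state_machine) with the trailing all-zero padding trimmed.
HTTP_GET_CLIENT_B64 = (
    "AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBw"
    "bGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDov"
    "L2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVm"
    "bGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAA"
)
SERVER_RECOVERY_B64 = "AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAA"
PUBLIC_KEY_B64 = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXR6dEL2D5D5PA0hFqADKMvQ60p56YoPVQ"
    "buEx+kAUCiYpCwNgOc+QWflJNwmd1P+Qqlpsnula1MPg8XFvV1MYBNyzWtyVSkd5+12DwvJ4"
    "yQ1itGOOJt/u/dVPodhTlTLl8G//5ibjH/LXduCfPZmQUmL5kApcSCnAe+C21IpP3QIDAQAB"
)

# Client transform opcodes -> (profile keyword, number of length-prefixed string args).
# 9/10 are static parameter/header statements before `build`; 5/6 carry the transformed data.
TRANSFORM_OPS = {
    1: ("append", 1), 2: ("prepend", 1), 3: ("base64", 0), 4: ("print", 0),
    5: ("parameter", 1), 6: ("header", 1), 7: ("build", 0), 8: ("netbios", 0),
    9: ("parameter", 1), 10: ("header", 1), 11: ("netbiosu", 0), 12: ("uri-append", 0),
    13: ("base64url", 0), 14: ("strrep", 2), 15: ("mask", 0),
}
# Server-response recovery opcodes; 1 and 2 carry a 4-byte length.
RECOVERY_OPS = {
    1: "remove {} bytes from end", 2: "remove {} bytes from beginning", 3: "base64 decode",
    8: "netbios decode", 11: "netbiosu decode", 13: "base64url decode", 15: "xor-mask with 4-byte key",
}
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")

def _dword(buf, pos):
    return struct.unpack_from(">I", buf, pos)[0], pos + 4

def parse_transform_program(blob):
    """Walk big-endian dword opcodes until the 0 terminator; return [(opcode, keyword, args)]."""
    steps, pos = [], 0
    while pos + 4 <= len(blob):
        op, pos = _dword(blob, pos)
        if op == 0:
            break
        keyword, nargs = TRANSFORM_OPS.get(op, (f"unknown-op-{op}", 0))
        args = []
        if op == 7:  # build selector: 0 = metadata (GET) / session id (POST), 1 = output
            which, pos = _dword(blob, pos)
            args.append("metadata" if which == 0 else "output")
        for _ in range(nargs):
            length, pos = _dword(blob, pos)
            args.append(blob[pos:pos + length].decode("latin-1"))
            pos += length
        steps.append((op, keyword, args))
    return steps

def parse_recovery_program(blob):
    """Steps Beacon applies to a response body before decrypting it."""
    steps, pos = [], 4  # leading dword (4 here) is not an opcode; skipping it is this example's reading
    while pos + 4 <= len(blob):
        op, pos = _dword(blob, pos)
        if op == 0:
            break
        if op in (1, 2):
            length, pos = _dword(blob, pos)
            steps.append(RECOVERY_OPS[op].format(length))
        else:
            steps.append(RECOVERY_OPS.get(op, f"unknown-op-{op}"))
    return steps

def _tlv(buf, pos):
    """Read one DER element (short or long-form length); return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_spki(der):
    """Minimal SubjectPublicKeyInfo walk: algorithm OID, modulus size, public exponent."""
    tag, spki, _ = _tlv(der, 0)
    tag_alg, algid, pos = _tlv(spki, 0)
    tag_oid, oid, _ = _tlv(algid, 0)
    tag_bits, bitstr, _ = _tlv(spki, pos)
    if (tag, tag_alg, tag_oid, tag_bits) != (0x30, 0x30, 0x06, 0x03) or bitstr[0] != 0:
        raise ValueError("not a DER SubjectPublicKeyInfo")
    _, rsakey, _ = _tlv(bitstr, 1)  # skip the BIT STRING's unused-bits byte
    _, modulus, pos = _tlv(rsakey, 0)
    _, exponent, _ = _tlv(rsakey, pos)
    return {"algorithm": "rsaEncryption" if oid == RSA_ENCRYPTION_OID else oid.hex(),
            "modulus_bits": int.from_bytes(modulus, "big").bit_length(),
            "exponent": int.from_bytes(exponent, "big")}

def decode_report_blobs():
    """Decode the three report values; keys are the report's own attribute names."""
    return {"http_header1": parse_transform_program(base64.b64decode(HTTP_GET_CLIENT_B64)),
            "unknown2": parse_recovery_program(base64.b64decode(SERVER_RECOVERY_B64)),
            "state_machine": parse_rsa_spki(base64.b64decode(PUBLIC_KEY_B64))}

if __name__ == "__main__":
    decoded = decode_report_blobs()
    for _, keyword, args in decoded["http_header1"]:
        print("http-get client:", keyword, *map(repr, args))
    print("http-get server recovery:", decoded["unknown2"])
    print("public key:", decoded["state_machine"])
```

Running it with python3 yields the GET client block of a jQuery-style profile (three static headers, then build metadata, base64url, prepend "__cfduid=", header "Cookie"), five response-recovery steps (strip 1522 trailing and 84 plus 3931 leading filler bytes, base64url-decode, remove the XOR mask) and a 1024-bit RSA key with e=65537. For detection, the static header values and the "__cfduid=" cookie prefix are the parts worth turning into network signatures: they are fixed by the profile, whereas the cookie payload itself is encrypted metadata that changes per beacon.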
