Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e3ebb51b236c97e9354f7fdb6d1edfd0_JaffaCakes118

  • Size

    208KB

  • Sample

    240916-dtbh8swfmh

  • MD5

    e3ebb51b236c97e9354f7fdb6d1edfd0

  • SHA1

    b037121606d46d26439f126a707e866187aea5e5

  • SHA256

    0a9e47b3e4b401e02c50b2cffc19fb5947846a7cd581819e21f6a9d980dab858

  • SHA512

    edf521f101a87ed676e37d1cc0ef959a35e282206d735e85553a964f03d1d9d9a7a5192db2e11eec1f641587a1a6c7bb44c0c1d4b7a5508b069423ef7e1802bc

  • SSDEEP

    3072:vWQUFomCur4rK68Dx78wacfJZhYyl9v2419t1F8ZKlHA/aF74Enov7yYkaYt:vWQE/f0K686IdYyTNbh8EHnpA7nYt

Malware Config

Extracted

Family

cobaltstrike

Botnet

1873433027

C2

http://121.46.4.136:9188/IE9CompatViewList.xml

Attributes
  • access_type

    512

  • host

    121.46.4.136,/IE9CompatViewList.xml

  • http_header1

    AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • polling_time

    60000

  • port_number

    9188

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGUjnmwAOu8hV1g1URTOnrEHMBIxaNINTv+E+I3vDJh6Q9r5hsHguKQ0xvYsE0Di5qLL0kzff4DD2tmpIalXPAux8eE8o6Ya8P8G6CrBTaNr+2GFc+p7T6H1fWAsLRtcq+H+ngGTjb3qsh2lhuO3C/nx+/J8eTYZ+6Q4YTpKRVQwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /submit.php

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

  • watermark

    1873433027

Targets

    Tasks