Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0122dc62d013e938ceeb5416d1dd2281b0031fc23734426847e6662050bb143c
-
Size
2.8MB
-
Sample
240925-p382msweml
-
MD5
aa01858bd6596a339fba887aafb270b0
-
SHA1
2a38c7beb03a633ed396f393404191aff2b186a9
-
SHA256
0122dc62d013e938ceeb5416d1dd2281b0031fc23734426847e6662050bb143c
-
SHA512
23a8e5c6ad9e6fbec2006dc7f8cf53be9a9cb08c3c4b95ec05530db126c8aa6bc9fa2bfc37937fff68fe2cba945e6d7271cb2e302716f8eec748501d50a69dbf
-
SSDEEP
49152:9ORocsGjsxoAHT2tWCOcEf56epMddiqbi/R9/MAgwf8j6Nf1bm9jFQNqRLDIPHo:f9a02tWCRqedk/n0Agwf8j6NfJIDI
Malware Config
Extracted
cobaltstrike
http://149.104.25.1:5541/cM5x
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER
Extracted
cobaltstrike
391144938
http://149.104.25.1:5541/mht_image/
-
access_type
512
-
host
149.104.25.1,/mht_image/
-
http_header1
AAAACgAAAEhBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKmw7cT0wLjgAAAAKAAAAHlJlZmVyZXI6IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbQAAAAoAAAAQUHJhZ21hOiBuby1jYWNoZQAAAAoAAAAXQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUAAAAHAAAAAAAAAAgAAAABAAAABC5qcGcAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAoAAAAeUmVmZXJlcjogaHR0cDovL3d3dy5nb29nbGUuY29tAAAACgAAABBQcmFnbWE6IG5vLWNhY2hlAAAACgAAABdDYWNoZS1Db250cm9sOiBuby1jYWNoZQAAAAcAAAAAAAAACwAAAAEAAAAELnBuZwAAAAwAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
5541
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEZbzcff9JbW4j2x/g8sxgLnunWbGHmo3zR9JkMt0jK+fjwjaNT/mOzuzkVf/b9ewCmrfrKpQ7VriS/9HHUjqL/v5CIgjJ9PqutAmfSq/EZEeWHGnfn5N+Pn0VFOphJom0jX5slvpnPmCF/tRFs0xgSDKQJPQbH+5JLh4koNstzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mht_email/
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)
-
watermark
391144938
Targets
-
-
Target
0122dc62d013e938ceeb5416d1dd2281b0031fc23734426847e6662050bb143c
-
Size
2.8MB
-
MD5
aa01858bd6596a339fba887aafb270b0
-
SHA1
2a38c7beb03a633ed396f393404191aff2b186a9
-
SHA256
0122dc62d013e938ceeb5416d1dd2281b0031fc23734426847e6662050bb143c
-
SHA512
23a8e5c6ad9e6fbec2006dc7f8cf53be9a9cb08c3c4b95ec05530db126c8aa6bc9fa2bfc37937fff68fe2cba945e6d7271cb2e302716f8eec748501d50a69dbf
-
SSDEEP
49152:9ORocsGjsxoAHT2tWCOcEf56epMddiqbi/R9/MAgwf8j6Nf1bm9jFQNqRLDIPHo:f9a02tWCRqedk/n0Agwf8j6NfJIDI
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Loads dropped DLL
-