General

  • Target

    504d61c9447282fbaf2800bdea63874a94550774950f46090e4ef6b91389c6fd

  • Size

    3KB

  • Sample

    241205-vphkeszmgr

  • MD5

    db8b68a8bc6ce9148832ed16734973a4

  • SHA1

    057cf165f26deb25031c723e378c04ab26a1eed7

  • SHA256

    504d61c9447282fbaf2800bdea63874a94550774950f46090e4ef6b91389c6fd

  • SHA512

    88d7a4a5557f3d325842b09aafeaf26b0ea8dae48e05740abf11157635d282b469f285ba4c5aa0adfa4a2692516b465e324d17976d4491a8690480676546981f

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/GHCSKLHA62xAo0GiJ65tlwmFvMO6tQNKeTswMuKxpybsim_N2RnNTId_j8dnBmA9vnYOyNR6EU7eXYS6AY-Rox46MWUiLVByUmCfxHjNCsvWTIsFuGs9e3XKhc2dJ6Jls10lHzhDwU0eh84XVkCbmUwBJfgF33CNXlpD8tpFnQKUyLbbyQTF_Cn32t6uqwBi89JgBGKEY_FfUBSCI4FljPsd9uXGcHm2BThT

Targets

    • Target

      Transfer-https.vbs

    • Size

      7KB

    • MD5

      e2f4a3c6e7570b4424089b24b059c9d0

    • SHA1

      19c12a30f1cde384d948d32d1efa6f8a541e2a60

    • SHA256

      44fd76bed4f91723940931c035a1e92f7d26d7c94dabd15f2e4a8db4f6e48273

    • SHA512

      646e2cd0517745c4b36a3178edd8f48fe46eb29a2053d83f6beb61d9e5205cc97d1a7f9a65ea0190044b87b1275d998779025d7ede2253b455782d5e40e8c0f8

    • SSDEEP

      96:ZGze5ePQfJEgaGscxriEto+TE9sfQcHOB7uczr05LaGejhVPPCyCsB3fD+r2:UzezgfEtoRGocHOBDzr05KbPKyNBG2

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks