Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f93e09242b7eaab1c1d6b54a407de756_JaffaCakes118
-
Size
220KB
-
Sample
241217-3jewcasnds
-
MD5
f93e09242b7eaab1c1d6b54a407de756
-
SHA1
f396fabe9c6ca0d4f20e1ac04597f7a6e662d910
-
SHA256
46c24d45ab234f19b3f531a2d5fc1591ebd648729253d86408ba5d051ca26372
-
SHA512
bcb6342273aa0a0e82e0cd92c4eaf35d80edfd87e8fcb9277696e9a7d5581997dcfceda09458d3a2abd7b0f89d4994a88b7c3792a25bc57a00a11cf5a32d83f2
-
SSDEEP
6144:TQCuCgrkRqQ8hOudVj04j5c/mjkWGnBi8FQ+v:MC7mpFdVj04j5ce3GnBZ
Malware Config
Extracted
cobaltstrike
0
http://xagadi.com:443/tab_shop_active.css
http://wocesa.com:443/tab_shop_active.css
-
access_type
512
-
beacon_type
2048
-
host
xagadi.com,/tab_shop_active.css,wocesa.com,/tab_shop_active.css
-
http_header1
AAAAEAAAAA5Ib3N0OiBiaW5nLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAEkFjY2VwdDogaW1hZ2UvanBlZwAAAAcAAAAAAAAADQAAAAMAAAACAAAAK3dvcmRwcmVzc19kNmMwNDA1ZTBkN2FiMThmZDRlNmEwYjc0ZmNlNDBiMD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAAEAAAAA5Ib3N0OiBiaW5nLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGUFjY2VwdC1FbmNvZGluZzogZ3ppcCwgYnIAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAAPAAAAAwAAAAIAAAAGcGhvdG89AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
12288
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCS49q9LcgrY8zxVE+nsxEU91IYk3PTVgIV4WnOW14dwLPZUcP4KZ5HF5JxNcEcK49XKL4rMgp/6NhFsEAAtFAKzWZ5HBeL5Jz57mwECEYTYSqCVW10VfpjSYWclpb87PM/Gq/EZzrwm7jOjCWk9mQ95Uo7/I+JrTLFm682r6QcmwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.708806656e+09
-
unknown2
AAAABAAAAAIAAAPVAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/link
-
user_agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0
-
watermark
0
Targets
-
-
Target
f93e09242b7eaab1c1d6b54a407de756_JaffaCakes118
-
Size
220KB
-
MD5
f93e09242b7eaab1c1d6b54a407de756
-
SHA1
f396fabe9c6ca0d4f20e1ac04597f7a6e662d910
-
SHA256
46c24d45ab234f19b3f531a2d5fc1591ebd648729253d86408ba5d051ca26372
-
SHA512
bcb6342273aa0a0e82e0cd92c4eaf35d80edfd87e8fcb9277696e9a7d5581997dcfceda09458d3a2abd7b0f89d4994a88b7c3792a25bc57a00a11cf5a32d83f2
-
SSDEEP
6144:TQCuCgrkRqQ8hOudVj04j5c/mjkWGnBi8FQ+v:MC7mpFdVj04j5ce3GnBZ
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family
-