Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

f93e09242b...18.exe

windows7-x64

10

f93e09242b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f93e09242b7eaab1c1d6b54a407de756_JaffaCakes118

  • Size

    220KB

  • MD5

    f93e09242b7eaab1c1d6b54a407de756

  • SHA1

    f396fabe9c6ca0d4f20e1ac04597f7a6e662d910

  • SHA256

    46c24d45ab234f19b3f531a2d5fc1591ebd648729253d86408ba5d051ca26372

  • SHA512

    bcb6342273aa0a0e82e0cd92c4eaf35d80edfd87e8fcb9277696e9a7d5581997dcfceda09458d3a2abd7b0f89d4994a88b7c3792a25bc57a00a11cf5a32d83f2

  • SSDEEP

    6144:TQCuCgrkRqQ8hOudVj04j5c/mjkWGnBi8FQ+v:MC7mpFdVj04j5ce3GnBZ

Score
10/10
0cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://xagadi.com:443/tab_shop_active.css

http://wocesa.com:443/tab_shop_active.css
Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    xagadi.com,/tab_shop_active.css,wocesa.com,/tab_shop_active.css

  • http_header1

    AAAAEAAAAA5Ib3N0OiBiaW5nLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAEkFjY2VwdDogaW1hZ2UvanBlZwAAAAcAAAAAAAAADQAAAAMAAAACAAAAK3dvcmRwcmVzc19kNmMwNDA1ZTBkN2FiMThmZDRlNmEwYjc0ZmNlNDBiMD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAAEAAAAA5Ib3N0OiBiaW5nLmNvbQAAAAoAAAARQ29ubmVjdGlvbjogY2xvc2UAAAAKAAAAGUFjY2VwdC1FbmNvZGluZzogZ3ppcCwgYnIAAAAKAAAAL0NvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkAAAABwAAAAEAAAAPAAAAAwAAAAIAAAAGcGhvdG89AAAABAAAAAcAAAAAAAAAAwAAAAIAAAAOX19zZXNzaW9uX19pZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    12288

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCS49q9LcgrY8zxVE+nsxEU91IYk3PTVgIV4WnOW14dwLPZUcP4KZ5HF5JxNcEcK49XKL4rMgp/6NhFsEAAtFAKzWZ5HBeL5Jz57mwECEYTYSqCVW10VfpjSYWclpb87PM/Gq/EZzrwm7jOjCWk9mQ95Uo7/I+JrTLFm682r6QcmwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    2.708806656e+09

  • unknown2

    AAAABAAAAAIAAAPVAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /link

  • user_agent

    Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0

  • watermark

    0

Signatures

  • Cobaltstrike family
    cobaltstrike
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f93e09242b7eaab1c1d6b54a407de756_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    829da329ce140d873b4a8bde2cbfaa7e


    Headers

    Imports

    Sections