Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
437EF2554163F1A5741638AEED6B5B91.7z
-
Size
3.5MB
-
Sample
221012-lnr8ssdbgq
-
MD5
dc2ebf3298f8199d50d12c60f9a6f4f8
-
SHA1
45fe0f472894e302417af8bf587562fe5c16a3bd
-
SHA256
2d6b4ba2968b39390b59522f74994c763367c3a34f2537ef0f100cc66c8cdd41
-
SHA512
d4f3fae350af917e380f5289783a5f1cc11db65f9866d49eb98c8f5b44c21ad3390137810aacc7cbd960099347d6b5771c8ce56b4b2b23ac028a9152c94b779c
-
SSDEEP
98304:6V9v3k7DDA+Pvx1hynd5w4J/ah8sqi5HGjIZe2KYZmJ:G9G1Icz7VkE3KYZmJ
Static task
static1
Behavioral task
behavioral1
Sample
437EF2554163F1A5741638AEED6B5B91.exe
Resource
win7-20220812-en
Malware Config
Extracted
cryptbot
[<
http://sgiyhb23.top/gate.php
Targets
-
-
Target
437EF2554163F1A5741638AEED6B5B91.bin
-
Size
703.5MB
-
MD5
437ef2554163f1a5741638aeed6b5b91
-
SHA1
de659aa13c6795fd44e02d9f22daa1c9d822dfeb
-
SHA256
b118c69d60c43222ba733d70d620948c22662c100fa1430a543ffad529775246
-
SHA512
6dab3efc1f095ca272f06ea8cbc09b11bd32f38e54bc7fe09caf7d30a1622a09aa4b428de747ac183791ffd31c87a5e846800e36fbd48a2281ff6de90a030d2a
-
SSDEEP
98304:EEjzOuKs39I1sBdGYZ26y3SWGoqZ92yVG/u:EEW/IVDMVByQyVG/u
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-