General

  • Target

    437EF2554163F1A5741638AEED6B5B91.7z

  • Size

    3.5MB

  • Sample

    221012-lnr8ssdbgq

  • MD5

    dc2ebf3298f8199d50d12c60f9a6f4f8

  • SHA1

    45fe0f472894e302417af8bf587562fe5c16a3bd

  • SHA256

    2d6b4ba2968b39390b59522f74994c763367c3a34f2537ef0f100cc66c8cdd41

  • SHA512

    d4f3fae350af917e380f5289783a5f1cc11db65f9866d49eb98c8f5b44c21ad3390137810aacc7cbd960099347d6b5771c8ce56b4b2b23ac028a9152c94b779c

  • SSDEEP

    98304:6V9v3k7DDA+Pvx1hynd5w4J/ah8sqi5HGjIZe2KYZmJ:G9G1Icz7VkE3KYZmJ

Malware Config

Extracted

Family

cryptbot

C2

http://sgiyhb23.top/gate.php

Targets

    • Target

      437EF2554163F1A5741638AEED6B5B91.bin

    • Size

      703.5MB

    • MD5

      437ef2554163f1a5741638aeed6b5b91

    • SHA1

      de659aa13c6795fd44e02d9f22daa1c9d822dfeb

    • SHA256

      b118c69d60c43222ba733d70d620948c22662c100fa1430a543ffad529775246

    • SHA512

      6dab3efc1f095ca272f06ea8cbc09b11bd32f38e54bc7fe09caf7d30a1622a09aa4b428de747ac183791ffd31c87a5e846800e36fbd48a2281ff6de90a030d2a

    • SSDEEP

      98304:EEjzOuKs39I1sBdGYZ26y3SWGoqZ92yVG/u:EEW/IVDMVByQyVG/u

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks