Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ._cache_b6b7ba4c887c5bbacb8643b62f29b951.ex_

  • Size

    1.8MB

  • Sample

    230207-hteywadb4t

  • MD5

    afe2eeb9c39fe0aaf3b98b1a570fd77c

  • SHA1

    ca42099bfeafd1a5c79180e0b406679eb5cae47d

  • SHA256

    cb751923695b52f799d7c20ca696069059187258021c9d8f8035e83180e8087d

  • SHA512

    0a15dc447ab97a2129c3d4fddac9b1f6473e5108275053961baf0f4a36a78b50583ee675a1753a300ac9a90cf01447353ca69bba845aa7a78294b1e381969243

  • SSDEEP

    49152:t5+hFlevtNUzY7WawmPzyxMAqpDHd5h419Pu0hO/k5:t5aFlevtw9uzCMdBf4xVhOY

Malware Config

Extracted

Family

cryptbot

C2

abruszgy25.top

Attributes
  • payload_url

    http://petroscd11.top/download.php?file=lv.exe

Targets

    • Target

      ._cache_b6b7ba4c887c5bbacb8643b62f29b951.ex_

    • Size

      1.8MB

    • MD5

      afe2eeb9c39fe0aaf3b98b1a570fd77c

    • SHA1

      ca42099bfeafd1a5c79180e0b406679eb5cae47d

    • SHA256

      cb751923695b52f799d7c20ca696069059187258021c9d8f8035e83180e8087d

    • SHA512

      0a15dc447ab97a2129c3d4fddac9b1f6473e5108275053961baf0f4a36a78b50583ee675a1753a300ac9a90cf01447353ca69bba845aa7a78294b1e381969243

    • SSDEEP

      49152:t5+hFlevtNUzY7WawmPzyxMAqpDHd5h419Pu0hO/k5:t5aFlevtw9uzCMdBf4xVhOY

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks