General
- Target: ._cache_b6b7ba4c887c5bbacb8643b62f29b951.ex_
- Size: 1.8MB
- Sample: 230207-hteywadb4t
- MD5: afe2eeb9c39fe0aaf3b98b1a570fd77c
- SHA1: ca42099bfeafd1a5c79180e0b406679eb5cae47d
- SHA256: cb751923695b52f799d7c20ca696069059187258021c9d8f8035e83180e8087d
- SHA512: 0a15dc447ab97a2129c3d4fddac9b1f6473e5108275053961baf0f4a36a78b50583ee675a1753a300ac9a90cf01447353ca69bba845aa7a78294b1e381969243
- SSDEEP: 49152:t5+hFlevtNUzY7WawmPzyxMAqpDHd5h419Pu0hO/k5:t5aFlevtw9uzCMdBf4xVhOY
Static task: static1
Behavioral task: behavioral1
- Sample: ._cache_b6b7ba4c887c5bbacb8643b62f29b951.exe
- Resource: win7-20220812-en
Malware Config
Extracted: cryptbot
- abruszgy25.top
- payload_url: http://petroscd11.top/download.php?file=lv.exe
Targets
- Target: ._cache_b6b7ba4c887c5bbacb8643b62f29b951.ex_
Signatures
- CryptBot payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.