Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
CoinBase Checker.rar
-
Size
3.5MB
-
Sample
240727-1fklbazekp
-
MD5
ea678e9dd238597640d9f1f9822dd01e
-
SHA1
58dcb49b86e9777d0981dd007e40aa9f8571e615
-
SHA256
2e4670fd19657b215997637e40e8eca5e6f7d19ac802690cb98c97b2038fba55
-
SHA512
4b195d8459b21f0cf80c33c0f3af515114ea85a86d39cd9aba195530db9513f237cfcd99a4b009d414c7658db36a16ef7c739e5badb2051d2e66c56b7807472f
-
SSDEEP
98304:2NoB0kM9N/pwutuDS978jOt93HJ/tPJkKMgwyJMAgZM9N/On:2NoBQ9N/2uGjOt9XJ/tPOKMQJhg69N/c
Malware Config
Targets
-
-
Target
CoinBase Checker/CoinBase Checker/CoinBase Checker.exe
-
Size
186KB
-
MD5
e433bb7355ac91b3fd6193601e9d379d
-
SHA1
a8a7155b36aa967580650a55d47166d2c2534fcf
-
SHA256
cf629cc2cb10ffd1b3485e562c850ad37341c3bb8836b1d78c3e5401f84c0872
-
SHA512
4352fb5dfef5a3699011a8f5c8ab3e297a633e46d0fcac5e08fa466e612964d330cae0cdf30050b2680349f236ac277e562429dfbb428ade41e486aa42b44985
-
SSDEEP
1536:B4liePIZUjIYy5bdAKN8h4eurTqt4lZBlTNtD4dj+m5hww71:B4liU1KN8h4eur+4nLNtEdjXh
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
CoinBase Checker/CoinBase Checker/libeay32.dll
-
Size
988KB
-
MD5
177bda0c92482dfa2c162a3750932b9c
-
SHA1
cb3b8a465fb55e9e0b4bb5a3298a481557a799d5
-
SHA256
17a4b75ef43a4fdeedaef86c39bead6719144e3e368b55898b79ecb371012854
-
SHA512
d6900cbcd53d2993ea639e70fe7d0b29595153c4ef54eb9c4a264c22963ca64d551dd633ce1c5d657bd371ddeebcff00419d50a13e423d44f25c8ac9f8ccf3d0
-
SSDEEP
12288:baTkV9YfAjvnC+pcU0MfHJQXA7WpVn2UNKQbox5b6j6iHk:bOBcnJpcTMve5pV9sQbsejrHk
Score3/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/msvcr71.dll
-
Size
340KB
-
MD5
86f1895ae8c5e8b17d99ece768a70732
-
SHA1
d5502a1d00787d68f548ddeebbde1eca5e2b38ca
-
SHA256
8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
-
SHA512
3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
-
SSDEEP
6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score3/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/ssleay32.dll
-
Size
192KB
-
MD5
5023f4c4aaaa1b6e9d992d6bbdcd340b
-
SHA1
2165b4a8089a7c00dc586c983e8548653a4e0ce4
-
SHA256
59b1be1072dd4aca5ddcf9b66d5df8bec327b4891925ba2339fe6ac6a1bf6d19
-
SHA512
c2885d8a8daac7ff83991dd81c6b2993c874081ea8877511aedd61e31829b26d33d8d9e433c7c72dd79d4cdf5d2a6e484b980117549770df1d2f2f522f8a0758
-
SSDEEP
3072:whsCnSceRcwwWbLhF8KzwtF1TKXpE2y5jfFKRz+AAWeZJHR7u9Ea3Q0du1f:5TRVwWblFrzw31TKRatKVjqJHW3/d
Score3/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/sync/Ionic.Zip.dll
-
Size
480KB
-
MD5
f6933bf7cee0fd6c80cdf207ff15a523
-
SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d
-
SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
-
SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
-
SSDEEP
6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score1/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/sync/Launcher.exe
-
Size
53KB
-
MD5
c6d4c881112022eb30725978ecd7c6ec
-
SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
-
SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
-
SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
-
SSDEEP
768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
CoinBase Checker/CoinBase Checker/sync/cb32.exe
-
Size
4.2MB
-
MD5
1950868bb340538645dd1bde7b26f9e3
-
SHA1
734f1868c6798ce73f3746b7965534ad081e6a44
-
SHA256
b922dbb6fcee110d03ac9abbd9a158f69e8b02edcd01117bdf2851b523c3965c
-
SHA512
f7e6bf2203afb68d56e1a8a1806333987ec4533b51a0739a886c5529d49dcd37f6110e909af32e158741022b05f742535859b147fd1a2abfac23d9be7c048cb0
-
SSDEEP
49152:20PF9KvY5EloSNBjNdkHfsiUD/Y6ohiqgDWfkqS/kfJTuTQlvjeQlzA5WBcShauh:20PSv+B6ohikf0/2lviosWhharV1/
Score3/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/sync/libeay32.dll
-
Size
988KB
-
MD5
177bda0c92482dfa2c162a3750932b9c
-
SHA1
cb3b8a465fb55e9e0b4bb5a3298a481557a799d5
-
SHA256
17a4b75ef43a4fdeedaef86c39bead6719144e3e368b55898b79ecb371012854
-
SHA512
d6900cbcd53d2993ea639e70fe7d0b29595153c4ef54eb9c4a264c22963ca64d551dd633ce1c5d657bd371ddeebcff00419d50a13e423d44f25c8ac9f8ccf3d0
-
SSDEEP
12288:baTkV9YfAjvnC+pcU0MfHJQXA7WpVn2UNKQbox5b6j6iHk:bOBcnJpcTMve5pV9sQbsejrHk
Score3/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/sync/msvcr71.dll
-
Size
340KB
-
MD5
86f1895ae8c5e8b17d99ece768a70732
-
SHA1
d5502a1d00787d68f548ddeebbde1eca5e2b38ca
-
SHA256
8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
-
SHA512
3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
-
SSDEEP
6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score3/10 -
-
-
Target
CoinBase Checker/CoinBase Checker/sync/ssleay32.dll
-
Size
192KB
-
MD5
5023f4c4aaaa1b6e9d992d6bbdcd340b
-
SHA1
2165b4a8089a7c00dc586c983e8548653a4e0ce4
-
SHA256
59b1be1072dd4aca5ddcf9b66d5df8bec327b4891925ba2339fe6ac6a1bf6d19
-
SHA512
c2885d8a8daac7ff83991dd81c6b2993c874081ea8877511aedd61e31829b26d33d8d9e433c7c72dd79d4cdf5d2a6e484b980117549770df1d2f2f522f8a0758
-
SSDEEP
3072:whsCnSceRcwwWbLhF8KzwtF1TKXpE2y5jfFKRz+AAWeZJHR7u9Ea3Q0du1f:5TRVwWblFrzw31TKRatKVjqJHW3/d
Score3/10 -