
General

  • Target

    cabe7aa4a6430daab83f5d7f37aca904.bin

  • Size

    4.2MB

  • Sample

    241206-b98skazlen

  • MD5

    3ac2048ea43e881ad6e5e1c2ecb3ad8e

  • SHA1

    a97af8ea503972dac14acdb49e008776702dfbaa

  • SHA256

    a0fa74cbac65a1c56c7611d34489903a2b1500a917645c9f08a5e555cc4ba741

  • SHA512

    dadddf595614d5ff989a5a764730de154ab60c58edb8f55d6cf490c8b0fd57f59f18de1311bbf5688f2e8e5c599b196956c32bc009865107ed59a9715848fc6c

  • SSDEEP

    98304:xeraudZobC03b0zIrRvfN33BDtZ1mxTN+BJHl9kCwhr7phkFN7:xsdZoD3YgZmTEBJHTNcXzK7

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      03fe3055e0b12aa4a2186a0a89ea58dfdf6a071679ba3950202204b3e62e7c8d.exe

    • Size

      4.3MB

    • MD5

      cabe7aa4a6430daab83f5d7f37aca904

    • SHA1

      0c8d8e4b20c857c52231b4325e808a3d90c73505

    • SHA256

      03fe3055e0b12aa4a2186a0a89ea58dfdf6a071679ba3950202204b3e62e7c8d

    • SHA512

      fae4b2dae145c35e0bdec6c3977186d1356f6065413b364d2f373cef5367da6bc6b7a2b31154df5ad5c0608fa3d165595115187297fbe88d621c51fbd5628159

    • SSDEEP

      98304:YH/+rzo66vzALS2c5SpRGRYhWnwxf+l5XPbSESGHEWJUg/ebBSF:4+/oBvcZYSpRGRoWnwly5XDaEKKCSF

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks