Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cbbfe74029e6eb81ccc66d728428b328_JaffaCakes118

  • Size

    596KB

  • Sample

    241206-h9ecaawngt

  • MD5

    cbbfe74029e6eb81ccc66d728428b328

  • SHA1

    75ca75a839b5605286385329839d01986b11b19d

  • SHA256

    e40c1359fa0e86c65f50363b88e29a7d4d24990195cc766273203c496393ebe4

  • SHA512

    9a8e97265e9a777c8d5e7b9508c444b574a58dad184c6b008ecda3106926e9c0eed15d11c220282054d70d7a61afceb308c4d4c6ed611a0c0a516e5f4aef1c12

  • SSDEEP

    12288:bGTJt5et/HePSr9fg/YiTRtILP8IQXbcZ9uDWUJLypTJ4JLvC5:mJfet/He6r9fUHmPpQAWSqkWLv

Malware Config

Extracted

Family

cryptbot

C2

lysvay12.top

moroer01.top

Attributes
  • payload_url

    http://damuxa01.top/download.php?file=lv.exe

Targets

    • Target

      cbbfe74029e6eb81ccc66d728428b328_JaffaCakes118

    • Size

      596KB

    • MD5

      cbbfe74029e6eb81ccc66d728428b328

    • SHA1

      75ca75a839b5605286385329839d01986b11b19d

    • SHA256

      e40c1359fa0e86c65f50363b88e29a7d4d24990195cc766273203c496393ebe4

    • SHA512

      9a8e97265e9a777c8d5e7b9508c444b574a58dad184c6b008ecda3106926e9c0eed15d11c220282054d70d7a61afceb308c4d4c6ed611a0c0a516e5f4aef1c12

    • SSDEEP

      12288:bGTJt5et/HePSr9fg/YiTRtILP8IQXbcZ9uDWUJLypTJ4JLvC5:mJfet/He6r9fUHmPpQAWSqkWLv

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Cryptbot family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks