General

  • Target

    liddad.exe

  • Size

    7.5MB

  • Sample

    250208-wdkfbaxjgt

  • MD5

    66178e76829f947721ee5f995434d37f

  • SHA1

    d4ff72a893eb3a70a8d3274289f014d338ebb249

  • SHA256

    4aa772539c101eeea6cd0fececae92603738c59afb7406d7b81b370313918f93

  • SHA512

    0c39cde1db094b22cca8b3087dc5629c89d4f0ee3d9fea89a9a6e57a4b6c1080c552830f6d53bf347d3b4e81de047384365f8065561ef35d70a2d85047afd5c2

  • SSDEEP

    49152:vB6DGAe6ei93Aq7SrSLAFiyRMrqcHy/e8TRDh2lGcsl6BS/W7hlRSfYKRbpxPyzt:vB7m939hAMuM2cS/h1F2xDSqbKJyz82

Malware Config

Extracted

Family

cryptbot

C2

http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18

Targets

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed in bundles with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Downloads MZ/PE file

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
