Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

liddad.exe

windows7-x64

10

liddad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    liddad.exe

  • Size

    7.5MB

  • Sample

    250208-wdkfbaxjgt

  • MD5

    66178e76829f947721ee5f995434d37f

  • SHA1

    d4ff72a893eb3a70a8d3274289f014d338ebb249

  • SHA256

    4aa772539c101eeea6cd0fececae92603738c59afb7406d7b81b370313918f93

  • SHA512

    0c39cde1db094b22cca8b3087dc5629c89d4f0ee3d9fea89a9a6e57a4b6c1080c552830f6d53bf347d3b4e81de047384365f8065561ef35d70a2d85047afd5c2

  • SSDEEP

    49152:vB6DGAe6ei93Aq7SrSLAFiyRMrqcHy/e8TRDh2lGcsl6BS/W7hlRSfYKRbpxPyzt:vB7m939hAMuM2cS/h1F2xDSqbKJyz82

Score
10/10
cryptbotdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18

Targets

    • Target

      liddad.exe

    • Size

      7.5MB

    • MD5

      66178e76829f947721ee5f995434d37f

    • SHA1

      d4ff72a893eb3a70a8d3274289f014d338ebb249

    • SHA256

      4aa772539c101eeea6cd0fececae92603738c59afb7406d7b81b370313918f93

    • SHA512

      0c39cde1db094b22cca8b3087dc5629c89d4f0ee3d9fea89a9a6e57a4b6c1080c552830f6d53bf347d3b4e81de047384365f8065561ef35d70a2d85047afd5c2

    • SSDEEP

      49152:vB6DGAe6ei93Aq7SrSLAFiyRMrqcHy/e8TRDh2lGcsl6BS/W7hlRSfYKRbpxPyzt:vB7m939hAMuM2cS/h1F2xDSqbKJyz82

    Score
    10/10
    cryptbotdefense_evasiondiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Downloads MZ/PE file

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks