General
-
Target
32_64_ver_1_bit.bin (1).zip
-
Size
1.7MB
-
Sample
210306-ltrby6m57x
-
MD5
3c5798fe337421e0c6f7ca3d0954c55a
-
SHA1
11e5557b97f7c1f3871a1812c0d41687fa45384f
-
SHA256
f9d1611e9c76704829a006ca1a15c810063c0c68f2c9466cfafe583de36c4a0e
-
SHA512
9f89783d796bfe2834cea51ecd7802d7fc511abb0396067f8bc4b66072a9d8c7ff47a87a0260ed52a581e9a3079a79afa6a4194c0a26be7670308964b8198891
Malware Config
Targets
-
-
Target
32_64_ver_1_bit.bin
-
Size
1.8MB
-
MD5
cf79a81627e7b71ca9bdd33ba812b7a0
-
SHA1
26c35564bde9adcc2c56d062fce809ee2b4ee82d
-
SHA256
607d4323ec499f3d2d39f10ce3e539442c2c8959be41afe20d6a2a68b5406f8b
-
SHA512
79b1a6429432e4b4860f3226cf892c14a77cc8c9b55b8d4990c43af8a4d9f8ef09dfa6a43e2f05671ea4dc20625ccd1a1d3507c227a49f35ef74df892fba9342
Score10/10-
CryptBot
A C++ stealer distributed widely in bundle with other software.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-