cryptbot | 126f515316ff7d1be06266adcbbd565f18437b293b690765dcf55f500cb048e0 | Triage

Submit
Reports

Overview

overview

Static

static

fcf7a9f612...79.exe

windows7_x64

fcf7a9f612...79.exe

windows10_x64

Sharing

General

Target

fcf7a9f612586c76b3597985dc5e2b79.exe
Size

637KB
Sample

210330-3ctml3n9da
MD5

fcf7a9f612586c76b3597985dc5e2b79
SHA1

4a75e27a1ed940a6f27f5f2bf316f7ebf95b0858
SHA256

126f515316ff7d1be06266adcbbd565f18437b293b690765dcf55f500cb048e0
SHA512

4b6d124d27599559f84eb340d3cd7cb577bb9ed6c86306d03c26e3c9a61f5a5a1d9b4e849305ab40cb2f79e3d23215c3081262c68bde4d028abed1bbe44719cb

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fcf7a9f612586c76b3597985dc5e2b79.exe

Resource

win7v20201028

cryptbot spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fcf7a9f612586c76b3597985dc5e2b79.exe

Resource

win10v20201028

cryptbot discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cryptbot

C2

bavyf72.top

moriol07.top

Attributes

payload_url
http://akshj10.top/download.php?file=lv.exe

Targets

- Target
  
  fcf7a9f612586c76b3597985dc5e2b79.exe
- Size
  
  637KB
- MD5
  
  fcf7a9f612586c76b3597985dc5e2b79
- SHA1
  
  4a75e27a1ed940a6f27f5f2bf316f7ebf95b0858
- SHA256
  
  126f515316ff7d1be06266adcbbd565f18437b293b690765dcf55f500cb048e0
- SHA512
  
  4b6d124d27599559f84eb340d3cd7cb577bb9ed6c86306d03c26e3c9a61f5a5a1d9b4e849305ab40cb2f79e3d23215c3081262c68bde4d028abed1bbe44719cb
Score

10^/10

cryptbot spyware stealer discovery
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer

© 2018-2024

Terms | Privacy