cryptbot | df84742a261c57d71c03f192777e348ae872d76364a806344ecb8e6d73750046 | Triage

Submit
Reports

Overview

overview

Static

static

edc6c999ad...80.exe

windows7_x64

edc6c999ad...80.exe

windows10_x64

Sharing

General

Target

edc6c999ada19c07b2135763984ffa80.exe
Size

641KB
Sample

210331-cv9vfbjhnx
MD5

edc6c999ada19c07b2135763984ffa80
SHA1

592c0e001bb213b8842bb12b26063a2dd12dc29a
SHA256

df84742a261c57d71c03f192777e348ae872d76364a806344ecb8e6d73750046
SHA512

20555f1621b60d74f3b2b2158acb35323f25045061e3d7a1450b4f547a01cdb8052aa2a2141bb5bd78e1a491174c6d5118d120a1b41585bf8fee00a98bcbc7f7

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

edc6c999ada19c07b2135763984ffa80.exe

Resource

win7v20201028

cryptbot spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

edc6c999ada19c07b2135763984ffa80.exe

Resource

win10v20201028

cryptbot discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cryptbot

C2

cinzfr32.top

morcbc03.top

Attributes

payload_url
http://binrgf04.top/download.php?file=lv.exe

Targets

- Target
  
  edc6c999ada19c07b2135763984ffa80.exe
- Size
  
  641KB
- MD5
  
  edc6c999ada19c07b2135763984ffa80
- SHA1
  
  592c0e001bb213b8842bb12b26063a2dd12dc29a
- SHA256
  
  df84742a261c57d71c03f192777e348ae872d76364a806344ecb8e6d73750046
- SHA512
  
  20555f1621b60d74f3b2b2158acb35323f25045061e3d7a1450b4f547a01cdb8052aa2a2141bb5bd78e1a491174c6d5118d120a1b41585bf8fee00a98bcbc7f7
Score

10^/10

cryptbot spyware stealer discovery
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

cryptbotspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer

© 2018-2024

Terms | Privacy