General

  • Target

    5eadc3d4c02b8b1ea765adca519d9031.exe

  • Size

    742KB

  • Sample

    210503-ey2wfwwpkn

  • MD5

    5eadc3d4c02b8b1ea765adca519d9031

  • SHA1

    5729f9d4549a3dc388dfd17470279377a9e1692c

  • SHA256

    a74f7f37ceedc57d0b8024d1e92efd40b023f8fce090dc80853f9ba88f61e7bb

  • SHA512

    5f54548e44c2db3defa159003ae63cf52516b2be41a4582f932f898784f14a3699af1952db4c43b153f5b4e71b6864bd4696952fa4c4a319235e7e5d70228eda

Malware Config

Extracted

Family

cryptbot

C2

jusvyg72.top

morioa07.top
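The extracted C2 domains and the sample hashes above are the indicators a responder would push into log search. The following is an added example, not part of the sandbox report, that matches them against Sysmon Event ID 22 (DNS query) records and against file digests. The event records are constructed for the example; the domain comparison is done on a label boundary so that a look-alike such as notmorioa07.top does not produce a false hit.

```python
import hashlib
from typing import Dict, Iterable, List, Optional

# Indicators taken from this report: extracted C2 domains and the sample's hashes.
C2_DOMAINS = {"jusvyg72.top", "morioa07.top"}
SAMPLE_HASHES = {
    "md5": "5eadc3d4c02b8b1ea765adca519d9031",
    "sha1": "5729f9d4549a3dc388dfd17470279377a9e1692c",
    "sha256": "a74f7f37ceedc57d0b8024d1e92efd40b023f8fce090dc80853f9ba88f61e7bb",
}
HASH_TO_ALGO = {digest: algo for algo, digest in SAMPLE_HASHES.items()}


def domain_matches(queried: str, iocs: Iterable[str] = C2_DOMAINS) -> Optional[str]:
    """Return the C2 indicator that `queried` equals or is a subdomain of, else None.

    Matching on the label boundary (".<ioc>") avoids substring hits such as
    notmorioa07.top; a trailing dot from a fully qualified name is tolerated.
    """
    q = queried.rstrip(".").lower()
    for ioc in iocs:
        if q == ioc or q.endswith("." + ioc):
            return ioc
    return None


def hash_matches(hex_digest: str) -> Optional[str]:
    """Return which algorithm's known digest `hex_digest` equals (md5/sha1/sha256), else None."""
    return HASH_TO_ALGO.get(hex_digest.strip().lower())


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Digest file contents with the same three algorithms so they can be compared to the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def scan_dns_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Walk Sysmon-style records and return the Event ID 22 queries that hit a C2 domain."""
    hits = []
    for ev in events:
        if ev.get("EventID") != "22":   # only DNS query events carry QueryName
            continue
        ioc = domain_matches(ev.get("QueryName", ""))
        if ioc:
            hits.append({"image": ev["Image"], "query": ev["QueryName"], "ioc": ioc})
    return hits


# Constructed Sysmon-style records for the example (not from the sandbox run).
SAMPLE_DNS_EVENTS = [
    {"EventID": "22", "Image": r"C:\Users\victim\Downloads\setup.exe", "QueryName": "jusvyg72.top"},
    {"EventID": "22", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "QueryName": "www.mozilla.org"},
    {"EventID": "22", "Image": r"C:\Users\victim\Downloads\setup.exe", "QueryName": "cdn.morioa07.top."},
    {"EventID": "22", "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "notmorioa07.top"},
    {"EventID": "1", "Image": r"C:\Users\victim\Downloads\setup.exe", "CommandLine": "setup.exe"},
]

if __name__ == "__main__":
    for hit in scan_dns_events(SAMPLE_DNS_EVENTS):
        print(f"C2 query: {hit['image']} -> {hit['query']} (matches {hit['ioc']})")
    print("digest lookup:", hash_matches(SAMPLE_HASHES["sha256"].upper()))
```

Feed real Sysmon records through `scan_dns_events` after converting them to the same field names; `hash_file_bytes` lets you compare a quarantined file to the report without trusting a filename, which the sample here only has as its MD5.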

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • CryptBot Payload

    • Reads user/profile data of web browsers

      Information stealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its WOW6432Node and HKCU counterparts) to enumerate software installed on the system.
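The three behaviours above (browser profile reads, wallet file access, Uninstall key enumeration) are each benign on their own: a browser reads its own Login Data, an installer walks the Uninstall key. What marks a stealer is one process doing several of them. The following is an added example, not taken from the report or from CryptBot itself, that classifies EDR-style file-read and registry-query telemetry into these categories and flags any process that touches two or more. The file and registry locations are well-known stealer targets assumed for the example, and the sample events are constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Well-known on-disk locations of the data classes named in the report. These are
# assumptions drawn from general knowledge of browsers and wallets, not sandbox output.
BROWSER_PROFILE = [
    r"\\AppData\\Local\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Cookies|Web Data|History)$",
    r"\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
]
WALLET_FILES = [
    r"\\wallet\.dat$",                           # Bitcoin Core
    r"\\AppData\\Roaming\\Electrum\\wallets\\",  # Electrum
    r"\\AppData\\Roaming\\Exodus\\",             # Exodus
]
UNINSTALL_KEY = [
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
]

# category -> (telemetry event type it applies to, path patterns)
CATEGORIES = {
    "browser_profile_read": ("file_read", BROWSER_PROFILE),
    "wallet_access": ("file_read", WALLET_FILES),
    "installed_software_enum": ("reg_query", UNINSTALL_KEY),
}
COMPILED = {
    name: (etype, [re.compile(p, re.IGNORECASE) for p in pats])
    for name, (etype, pats) in CATEGORIES.items()
}


def classify_event(event: Dict[str, str]) -> Optional[str]:
    """Map one telemetry event to a behaviour category from the report, or None."""
    for name, (etype, regexes) in COMPILED.items():
        if event["type"] == etype and any(r.search(event["target"]) for r in regexes):
            return name
    return None


def profile_processes(events: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Collect the set of behaviour categories observed per process image."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        cat = classify_event(ev)
        if cat:
            seen[ev["image"]].add(cat)
    return dict(seen)


def flag_stealer_like(events: List[Dict[str, str]], min_categories: int = 2) -> List[str]:
    """Return images that hit at least `min_categories` distinct categories, sorted."""
    return sorted(img for img, cats in profile_processes(events).items()
                  if len(cats) >= min_categories)


# Constructed sample telemetry (not from the sandbox run), EDR-style file-read and registry-query events.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\victim\Downloads\setup.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\victim\Downloads\setup.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\victim\Downloads\setup.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"image": r"C:\Users\victim\Downloads\setup.exe", "type": "reg_query",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Windows\System32\msiexec.exe", "type": "reg_query",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
]

if __name__ == "__main__":
    for img, cats in profile_processes(SAMPLE_EVENTS).items():
        print(img, sorted(cats))
    print("stealer-like:", flag_stealer_like(SAMPLE_EVENTS))
```

In the constructed sample only setup.exe crosses categories; chrome.exe reading its own Login Data and msiexec.exe walking the Uninstall key each stay at one. The same idea works as a correlation rule in a SIEM: group by process, count distinct categories, alert at two or more, and add a path allow-list for the legitimate owner of each data class rather than suppressing the category outright.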
